question

KyriakosPetrou-4812 avatar image
0 Votes"
KyriakosPetrou-4812 asked Bruce-SqlWork answered

Net Core 2.2 Web App - Cookie of browser too large on specific server

I have a web application running on .Net Core 2.2 and so far it has been deployed on various servers on IIS screenshot of web.config (https://i.stack.imgur.com/9nVUr.png)

The cookies created on all the servers so far are around 2.7kb

screenshot of usual behavior - localhost (https://i.stack.imgur.com/7ptlf.png)

screenshot of usual behavior - public domain with https (https://i.stack.imgur.com/FltKX.png)

When deployed on a particular server that cookie becomes too large and is chunked. Causing problems overall screenshot of chunked cookie (https://i.stack.imgur.com/VE4oP.png)

Does anyone know what is causing this?

windows-server-iisdotnet-aspnet-core-mvc
· 4
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BrandoZhang-MSFT avatar image BrandoZhang-MSFT ·

In my opinion, this is depend on how you used the cookie inside your application. Since the cookie is encrypted by default, I suggest you could try to write a page at your application to display which value is stored inside the cookie , then we could find these cookies are related with which codes.

0 Votes 0 ·
KyriakosPetrou-4812 avatar image KyriakosPetrou-4812 BrandoZhang-MSFT ·

Thanks for the prompt reply. Below is the source code that is being used for signing the relevant claims into the cookie. We have over than 150 completed installations, and no specific problem occurred. Only this particular client experiences the aforementioned issues with cookies. Is it related with their IIS installation/configuration? 

                         ClaimsIdentity claimsIdentity = new ClaimsIdentity(loginResult.Claims, CookieAuthenticationDefaults.AuthenticationScheme);
                         AuthenticationProperties authProperties = new AuthenticationProperties
                         {
                             ExpiresUtc = DateTime.UtcNow.AddMinutes(10),
                             IsPersistent = true,
                             AllowRefresh = false
                         };
                         HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties);
0 Votes 0 ·
BrandoZhang-MSFT avatar image BrandoZhang-MSFT KyriakosPetrou-4812 ·

According to the codes, I couldn't find out the reason why your cookie contain so many information. I suggest you could read the cookie information after publish to the server then we could find out why it contains so many information.

0 Votes 0 ·
Show more comments

1 Answer

Bruce-SqlWork avatar image
0 Votes"
Bruce-SqlWork answered

check that they are not using a proxy or load balancer that is rewriting the cookies

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.