Hello,
I downloaded this repo following the AzureAD guidelines. It's functional and working well.
I tried to implement the same behavior on my project but unfortunately, the cookie which contains my user after a successful authentication is never stored because it is too big:
UserWarning: The "b'session'" cookie is too large: the value was 5830 bytes but the header required 26 extra bytes. The final size was 5856 bytes but the limit is 4093 bytes. Browsers may silently ignore cookies larger than this.
I am pretty sure that I am using the filesystem cookie as the app.config looks like this:
<Config {'ENV': 'production', 'DEBUG': False, 'TESTING': False, 'PROPAGATE_EXCEPTIONS': None, 'PRESERVE_CONTEXT_ON_EXCEPTION': None, 'SECRET_KEY': b'azure-samples-hihing', 'PERMANENT_SESSION_LIFETIME': datetime.timedelta(days=31), 'USE_X_SENDFILE': False, 'SERVER_NAME': None, 'APPLICATION_ROOT': '/', 'SESSION_COOKIE_NAME': 'session', 'SESSION_COOKIE_DOMAIN': None, 'SESSION_COOKIE_PATH': None, 'SESSION_COOKIE_HTTPONLY': True, 'SESSION_COOKIE_SECURE': False, 'SESSION_COOKIE_SAMESITE': None, 'SESSION_REFRESH_EACH_REQUEST': True, 'MAX_CONTENT_LENGTH': None, 'SEND_FILE_MAX_AGE_DEFAULT': datetime.timedelta(seconds=43200), 'TRAP_BAD_REQUEST_ERRORS': None, 'TRAP_HTTP_EXCEPTIONS': False, 'EXPLAIN_TEMPLATE_LOADING': False, 'PREFERRED_URL_SCHEME': 'http', 'JSON_AS_ASCII': True, 'JSON_SORT_KEYS': True, 'JSONIFY_PRETTYPRINT_REGULAR': False, 'JSONIFY_MIMETYPE': 'application/json', 'TEMPLATES_AUTO_RELOAD': None, 'MAX_COOKIE_SIZE': 4093, 'AUTHORITY': 'https://login.microsoftonline.com/e1234386-fa51-toch-ange-2912346f7ab1', 'AZURE_SCOPE': ['User.Read'], 'BASE': 'myrouter.com', 'BASE_DIR': '/mnt/c/Users/me/Documents/projects/project/config', 'CLIENT_ID': 'f1234686-1234-toch-ange-c687f1234289', 'CLIENT_SECRET': 'bigpasswordhidden', 'MY_URL': 'https://127.0.0.1:5000/', 'REDIRECT_PATH': '/callback', 'URI': 'api.myrouter.com', 'URL_APP': 'https://api.myrouter.com/', 'SESSION_TYPE': 'filesystem', 'RESTX_MASK_HEADER': 'X-Fields', 'RESTX_MASK_SWAGGER': True, 'RESTX_INCLUDE_ALL_MODELS': False}>
The cookie looks like this :
login session <SecureCookieSession {'flow': {'auth_uri': 'https://login.microsoftonline.com/e1234386-fa51-toch-ange-2912346f7ab1/oauth2/v2.0/authorize?client_id=f1234686-1234-toch-ange-c687f1234289&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fcallback&scope=User.Read+offline_access+openid+profile&state=longStateolJcVES&code_challenge=longStateymS9rszhi5zFJznWkfWlphBcDIh3kMDuyw&code_challenge_method=S256&nonce=123456785d69bb25ee16d18b8a60dc0e81980bd6391b1234560ef0610ec9225f&client_info=1', 'code_verifier': 'longText0URfk-b.wA4Wj92V~mugYeQ5haxL_BONFrv', 'nonce': 'LongElementwiQJK', 'redirect_uri': 'http://localhost:5000/callback', 'scope': ['openid', 'User.Read', 'profile', 'offline_access'], 'state': 'longStateolJcVES'}, 'user': {'aud': 'f1234686-1234-toch-ange-c687f1234289', 'iss': 'https://login.microsoftonline.com/e1234386-fa51-toch-ange-2912346f7ab1/v2.0', 'iat': 1650898754, 'nbf': 1650898754, 'exp': 1650902654, 'name': 'Name Name2', 'nonce': '216752445d69bb25ee1234567890dc0e81980bd6391bd2acab0ef0610ec9225f', 'oid': '159e3f5f-1234-5678-9dce-9ecd2f425ebd', 'preferred_username': 'name.name2@company.com', 'rh': '0.AQ0123456781234ipCnlq296sYb2i_Qyp1VAg7DGh_0a0okNANE.', 'sub': '0Xau97iQqh7tc-1234567890DmvP8FaH2VNlGclrYCc', 'tid': 'e01bd386-fa51-1234-5678-29e5ab6f7ab1', 'uti': '7OYHo7dxxx0254sU6qJuRmAA', 'ver': '2.0'}}>
Could you please help me to understand what I am missing and why I am blocked by this cookie?
Thank you, Romain
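An added example, not from the issue author or the sample repo, that shows why a cookie-backed session overflows Flask's 4093-byte limit once the MSAL flow state and the ID-token claims are kept in it, and how a server-side (filesystem) session keeps only a signed session id in the cookie. The dump above is a SecureCookieSession, which is Flask's built-in client-side session class; Flask-Session's filesystem backend only replaces it once Session(app) has been called after SESSION_TYPE is configured. The code below does not use Flask or Flask-Session: the signing helper is a simplified stand-in for Flask's signed cookie, the session contents are constructed placeholders, and the header format (HttpOnly; Path=/) matches the 26 "extra bytes" reported in the warning.

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
import tempfile
from typing import Optional

# Flask's default MAX_COOKIE_SIZE, as shown in the config dump in the issue.
MAX_COOKIE_SIZE = 4093
COOKIE_NAME = "session"
# Constructed demo secret; a real app loads SECRET_KEY from configuration.
SECRET_KEY = b"demo-secret-not-for-production"

# Constructed stand-in for what the login flow leaves in the session: the MSAL
# "flow" dict (its auth_uri is long in practice) and the decoded ID-token claims.
# Every value is a placeholder, not a real token, tenant or client id.
SAMPLE_SESSION = {
    "flow": {
        "auth_uri": "https://login.microsoftonline.com/TENANT-ID/oauth2/v2.0/authorize?"
        + "&".join(f"param{i}=" + "v" * 50 for i in range(60)),
        "code_verifier": "c" * 43,
        "redirect_uri": "http://localhost:5000/callback",
        "scope": ["openid", "User.Read", "profile", "offline_access"],
        "state": "s" * 16,
    },
    "user": {
        "aud": "CLIENT-ID",
        "iss": "https://login.microsoftonline.com/TENANT-ID/v2.0",
        "iat": 1650898754,
        "exp": 1650902654,
        "name": "Name Name2",
        "oid": "OBJECT-ID",
        "preferred_username": "name.name2@company.com",
        "sub": "SUBJECT",
        "tid": "TENANT-ID",
        "ver": "2.0",
    },
}


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes, secret: bytes) -> str:
    """Base64url payload plus an HMAC-SHA256 tag: a simplified stand-in for
    Flask's itsdangerous-signed cookie (no timestamp, no compression)."""
    body = _b64e(payload)
    tag = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64e(tag)}"


def _verify(cookie: str, secret: bytes) -> Optional[bytes]:
    """Return the payload only if the tag matches (constant-time compare)."""
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64e(expected), tag):
        return None
    return _b64d(body)


def set_cookie_header_size(value: str, name: str = COOKIE_NAME) -> int:
    """Size of the Set-Cookie header with the issue's defaults (HttpOnly, Path=/).
    len("session=") + len("; HttpOnly; Path=/") is the 26 extra bytes in the warning."""
    return len(f"{name}={value}; HttpOnly; Path=/")


def cookie_fits(value: str, name: str = COOKIE_NAME) -> bool:
    return set_cookie_header_size(value, name) <= MAX_COOKIE_SIZE


def client_side_cookie(session_data: dict, secret: bytes = SECRET_KEY) -> str:
    """Cookie-backed session: the whole dict travels in the cookie on every response."""
    return _sign(json.dumps(session_data, separators=(",", ":")).encode(), secret)


def server_side_cookie(session_data: dict, store_dir: str, secret: bytes = SECRET_KEY) -> str:
    """Filesystem-backed session: data is written under a random session id on the
    server and only the signed id goes into the cookie."""
    sid = secrets.token_urlsafe(32)  # URL-safe alphabet, so it is a safe filename
    with open(os.path.join(store_dir, sid), "w", encoding="utf-8") as fh:
        json.dump(session_data, fh)
    return _sign(sid.encode(), secret)


def load_server_side(cookie: str, store_dir: str, secret: bytes = SECRET_KEY) -> Optional[dict]:
    """Resolve a session-id cookie to its data; a tampered cookie is rejected
    before any file is touched, and an unknown id yields no session."""
    sid_bytes = _verify(cookie, secret)
    if sid_bytes is None:
        return None
    path = os.path.join(store_dir, sid_bytes.decode())
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def demo() -> dict:
    """Measure both approaches on the constructed session and return the results."""
    with tempfile.TemporaryDirectory() as store_dir:
        big = client_side_cookie(SAMPLE_SESSION)
        small = server_side_cookie(SAMPLE_SESSION, store_dir)
        restored = load_server_side(small, store_dir)
        flipped = "A" if small[-1] != "A" else "B"  # corrupt one tag character
        tampered = load_server_side(small[:-1] + flipped, store_dir)
    return {
        "client_side_bytes": set_cookie_header_size(big),
        "client_side_fits": cookie_fits(big),
        "server_side_bytes": set_cookie_header_size(small),
        "server_side_fits": cookie_fits(small),
        "roundtrip_ok": restored == SAMPLE_SESSION,
        "tampered_rejected": tampered is None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running demo() shows the client-side cookie header well above 4093 bytes while the server-side one stays near 130 bytes, which is the size difference a working SESSION_TYPE = 'filesystem' setup produces; the signed id also means a modified cookie is rejected without reading anything from the session store.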