Hi,
Currently the data of each session cookie chunk is limited to 4000 bytes (hardcoded). However the Set-Cookie header itself is larger, as it contains more information about the cookie (e.g. expiration date, max age, samesite policy and so on) and that additional information can cause the cookie to exceed 4096 bytes, which is the size limit by Chrome. This in turn will cause the Set-Cookie header to be discarded.
This PR introduces a new configuration variable - session.cookie.maxsize, defaulting to 4000, which lets one configure the max size of the data portion in each cookie chunk and therefore work around the above issue.
Hi, Currently the data of each session cookie chunk is limited to 4000 bytes (hardcoded). However the
Set-Cookieheader itself is larger, as it contains more information about the cookie (e.g. expiration date, max age, samesite policy and so on) and that additional information can cause the cookie to exceed 4096 bytes, which is the size limit by Chrome. This in turn will cause theSet-Cookieheader to be discarded.This PR introduces a new configuration variable -
session.cookie.maxsize, defaulting to 4000, which lets one configure the max size of the data portion in each cookie chunk and therefore work around the above issue.