502 Bad Gateway nginx - when USERID is email address

[bensonbrad]

Hi John, We use User-Switching to provide customer support on our WordPress Multisite, MissionNext.org. It works great 90 % of the time. Thank you! When we released our updated website in 9/2023, we began to see 502 BAD Gateway errors when using User-Switching. Usually clearing browser cash it would work again. But we saw a pattern where if the USERID for the user we were switching to had an email address for their USERID, we got the 502 Gateway error. If the USER ID was only letters and numbers it would switch normally

Our customer service could switch to ALL OTHER Education subsite accounts INCLUDING one that had an email for their username: (username: [*@***.edu.bd]. In this case the email address was very short.

They could not switch to Journey Subsite accounts that had email addresses for their usernames. Only the other accounts. We have up to 4000 user accounts.

There is a total of seven Journey subsite accounts that use emails as usernames and I cannot switch to any of them, but I have no issues switching to the other accounts.

Please advice how we could fix this. Is it something in User-Switching? Is it something in nginx? A field length limitation? Limited memory?

Thank You for your help.

JBB

[johnbillion]

Thanks for the report. There have been a handful of reports over the years of 502 errors when switching between users and the underlying cause usually turns out to be that the total size of the cookies that get set contribute to the header size of the HTTP response exceeding the limit in Nginx. I believe the limit is just 4kb in some configurations. Issue #45 has the most discussion on this topic, with some links to related support threads.

If the email addresses on your site are quite long then yes, they could contribute to this because when you switch users you'll have potentially several authentication cookies set by both WordPress and by User Switching that all contain the email address. I guess it's just an unfortunate coincidence that the length of the emails pushes the total size of the headers in the response over the Nginx limit. This also explains why clearing your browser cache helps because it also clears out any other cookies that contribute to the total size of the response headers.

Suggestions:

• Take a look at the Nginx error log on your server, if you see "upstream sent too big header" errors when switching users then this confirms the cause
• This Stackoverflow answer should help with the Nginx configuration required, I don't recall if it's the fastcgi_* or proxy_* configuration that needs to be changed, or both.

Let me know how you get on.

[bensonbrad]

Hi John, Thank you for your fast reply and the information on [Issue #45] (https://github.com/johnbillion/user-switching/issues/45). I added additional directives fastcgi_buffers 4 256k; and fastcgi_buffer_size 256k; to our main site. But the problem remained. I then checked our subsites and there were no additional nginx directives for Journey or Education subsites. When I added the directives below to the two subsites, User Switching worked great. I may not have needed the additional directives fastcgi_buffers 4 256k; and fastcgi_buffer_size 256k; to fix the problem. I may remove these to see of User Switching is still works. Thank you !! Much appreciated.

• JBB

  ---

fastcgi_buffers 4 256k; (added) fastcgi_buffer_size 256k; (added) proxy_buffer_size 128k; (changed to proxy_buffer_size 256k) proxy_buffers 4 256k; proxy_busy_buffers_size 256k;