vercel / next.js

The React Framework
https://nextjs.org
MIT License

Cookie size exceeding 10KB causing AWS Lambda invocation error with NextAuth session #70175

Closed PramodTKodag closed 1 month ago

PramodTKodag commented 1 month ago

Link to the code that reproduces this issue

https://dev.contnt.io/feed

To Reproduce

  1. Go to the sign-in page at https://dev.contnt.io/signin.
  2. Log in using Google authentication or by entering your credentials.
  3. After successful authentication, you will be redirected to the /feed page.
  4. Due to the large header size, you will see an error message displayed on the screen: Request must be smaller than 6291456 bytes for the invocation operation

Current vs. Expected behavior

Current Behavior:

  1. After successful authentication, the /feed page fails to load due to the large cookie size, resulting in the following error: "Request must be smaller than 6291456 bytes for the invocation operation"
  2. The large cookie size (exceeding 10KB) causes AWS Lambda to reject the request because Lambda cannot handle headers larger than 10KB.

Expected Behavior:

  1. After successful authentication, the /feed page should load without errors.
  2. The size of the cookies (including session data from next-auth and other libraries) should stay within the 10KB limit, allowing the application to work smoothly without hitting the AWS Lambda header size limit.
  3. Next.js should not pass all the cookies to the pages.

Provide environment information

Operating System:
  Platform: Linux
  Arc: Ubuntu
  Version: 22.04
Binaries:
  Node: 18.17.1
  npm: 9.6.7
  Yarn: 1.22.19
Relevant Packages:
  next: 14.2.5
  eslint-config-next: 14.2.5
  react: 18.3.1
  react-dom: 18.3.1
  typescript: 5.1.6
  next-auth: 4.24.7
Next.js Config:
  output: {
  output: 'standalone',
  poweredByHeader: false,
  env: {
    ...
  },
  experimental: {
    staleTimes: { dynamic: 30, static: 180 },
    webVitalsAttribution: [ 'CLS', 'LCP' ]
  },
  onDemandEntries: { maxInactiveAge: 100000, pagesBufferLength: 5 },
  logging: { fetches: { fullUrl: true, hmrRefreshes: true } },
  headers: async headers() {
    return [
      {
        source: "/:all*(svg|jpg|png)",
        locale: false,
        headers: [
          {
            key: "Cache-Control",
            // 1 year, with immutable directive
            value: "public, max-age=31536000, immutable",
          },
        ],
      },
    ];
  },
  images: {
    minimumCacheTTL: 31536000,
    unoptimized: true,
    remotePatterns: [
     ...
    ],
    dangerouslyAllowSVG: true
  },
  devIndicators: { buildActivity: true, buildActivityPosition: 'bottom-right' },
  optimizeFonts: true,
  webpack: [Function: webpack]
}

Which area(s) are affected? (Select all that apply)

Developer Experience, Navigation, Output (export/standalone), Runtime

Which stage(s) are affected? (Select all that apply)

next dev (local), Other (Deployed)

Additional context

This error occurs because of the large size of the cookies being sent to every page in a request. Due to the session data and other libraries storing data in cookies, the combined size exceeds 10KB, which is more than what AWS Lambda can handle for headers (10KB limit).
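A way to check which cookies account for the header size described in the report above, as an added example that is not part of the original issue or of Next.js/NextAuth code. The function names and `HEADER_BUDGET_BYTES` are hypothetical, the 10 KB budget is the figure quoted in the report, and the sample header (including the `.0`/`.1`/`.2` chunk suffixes on the session cookie) is constructed.

```javascript
// Added example: audit a request's Cookie header against a byte budget.
// The 10 KB budget is the figure quoted in the issue report (assumption).
const HEADER_BUDGET_BYTES = 10 * 1024;

// Split "a=1; b=2" into [{ name, bytes }], measuring UTF-8 bytes per pair.
function measureCookies(cookieHeader) {
  return cookieHeader
    .split(';')
    .map((pair) => pair.trim())
    .filter((pair) => pair.length > 0)
    .map((pair) => {
      const eq = pair.indexOf('=');
      const name = eq === -1 ? pair : pair.slice(0, eq);
      return { name, bytes: Buffer.byteLength(pair, 'utf8') };
    });
}

// Sum chunked cookies ("name.0", "name.1", ...) under their base name so a
// session split across several cookies shows up as one large entry.
function auditCookieHeader(cookieHeader, budget = HEADER_BUDGET_BYTES) {
  const groups = new Map();
  for (const { name, bytes } of measureCookies(cookieHeader)) {
    const base = name.replace(/\.\d+$/, '');
    groups.set(base, (groups.get(base) || 0) + bytes);
  }
  const totalBytes = Buffer.byteLength(cookieHeader, 'utf8');
  const largest = [...groups.entries()]
    .map(([name, bytes]) => ({ name, bytes }))
    .sort((a, b) => b.bytes - a.bytes);
  return { totalBytes, overBudget: totalBytes > budget, largest };
}

// Constructed sample: a session token in three chunks plus two small cookies.
const sampleHeader = [
  'next-auth.session-token.0=' + 'a'.repeat(3900),
  'next-auth.session-token.1=' + 'b'.repeat(3900),
  'next-auth.session-token.2=' + 'c'.repeat(3000),
  'next-auth.csrf-token=' + 'd'.repeat(64),
  'theme=dark',
].join('; ');

const report = auditCookieHeader(sampleHeader);
console.log(report.totalBytes, report.overBudget, report.largest[0]);
```

Run against the `cookie` header of a failing request, the first entry of `largest` identifies what to shrink, for example by keeping only an identifier in the session cookie and holding the rest server-side.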

github-actions[bot] commented 1 month ago

We could not detect a valid reproduction link. Make sure to follow the bug report template carefully.

Why was this issue closed?

To be able to investigate, we need access to a reproduction to identify what triggered the issue. We need a link to a public GitHub repository (template for App Router, template for Pages Router), but you can also use these templates: CodeSandbox: App Router or CodeSandbox: Pages Router.

The bug template that you filled out has a section called "Link to the code that reproduces this issue", which is where you should provide the link to the reproduction.

What should I do?

Depending on the reason the issue was closed, you can do the following:

In general, assume that we should not go through a lengthy onboarding process at your company code only to be able to verify an issue.

My repository is private and cannot make it public

In most cases, a private repo will not be a sufficient minimal reproduction, as this codebase might contain a lot of unrelated parts that would make our investigation take longer. Please do not make it public. Instead, create a new repository using the templates above, adding the relevant code to reproduce the issue. Common things to look out for:

I did not open this issue, but it is relevant to me, what can I do to help?

Anyone experiencing the same issue is welcome to provide a minimal reproduction following the above steps by opening a new issue.

I think my reproduction is good enough, why aren't you looking into it quickly?

We look into every Next.js issue and constantly monitor open issues for new comments.

However, sometimes we might miss one or two due to the popularity/high traffic of the repository. We apologize, and kindly ask you to refrain from tagging core maintainers, as that will usually not result in increased priority.

Upvoting issues to show your interest will help us prioritize and address them as quickly as possible. That said, every issue is important to us, and if an issue gets closed by accident, we encourage you to open a new one linking to the old issue and we will look into it.
