Bad Request - Request Too Long HTTP Error 400. The size of the request headers is too long

Question

Some of my users are getting the following error sometimes when they request some of the pages of my site: Bad Request - Request Too Long HTTP Error 400. The size of the request headers is too long

It seems to happen only in Firefox.

Deleting the users cookies does help.

What I don't understand is the following: I thought that cookies are appended to every request. Why is it that only one or two of my pages show this error and most do never?

It is also not dependent on the server page. If the user requests http://example.com/user/Myname he might get the error. If he just changes the capitalization of the URL it works again (like http://example.com/user/myname). (I am running IIS which does not care too much about capitalization).

For the browser the two URLs are different, for the server they aren't.

Any idea what is happening?

score 34 · Accepted Answer · edited Jul 30 '13 at 19:48

34

It seems that there were too many cookies after all. I made sure that there were not so many and it is working now.

edited Jul 30 '13 at 19:48

GatesReign

826
1
9
23

answered Feb 24 '13 at 13:09

Sparhawk

1,517
1
14
28

1

This just happened to me with Ubuntu & Firefox accessing Office365 after the last update. Worked on other computers not my office one. Cleared the Office365 & microsoftonline.com cookies and I am back in! – Phil Lawlor Aug 31 '15 at 12:27

score 22 · Answer 2 · answered Feb 04 '14 at 19:23

Some of our users also ran into this same exception on IE 8 for some our our intranet sites hosted in IIS. The issue turned out to be related to using Kerberos authentication where a user belongs to many active directory groups.

We found solutions from the following Microsoft Support Articles:

HTTP 400 - Bad Request (Request Header too long)" error in Internet Information Services (IIS)
Problems with Kerberos authentication when a user belongs to many groups

The fix for us was to set the following registry keys with increased values and/or create them if they didn't exist:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxFieldLength DWORD (32bit) - assigned value data 32000 (Decimal)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxRequestBytes DWORD (32bit) - assigned value data 8777216 (Decimal)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters] "MaxFieldLength"=dword:00007d00 "MaxRequestBytes"=dword:0085ee00

You need to restart the PC for registry entries to take effect. — SharpCoder, Feb 08 '18 at 19:01

Iman · Answer 3 · 2018-09-11T07:46:14.670

12

Solution 1

delete all domain cookie from your browser

In Firefox 53

Alt -> Tools -> Page Info
Security
View Cookies
Remove All

In Chrome check this superuser solution

Solution 2

Install Web Developer extension ( Firefox ,Chrome , Opera)
go to cookies tab -> Delete Domain Cookies like below screenshot

Solution 3

use incognito mode and see if it works for you

More details:

I had the same problem in Chrome and using a list from SharePoint.

after diagnosing with Chrome developer dashboard's network tab. I checked the headers and find the large cookie starting with the name WSS_exp and removing all of them from chrome cookie manager resolved my problem

edited Sep 11 '18 at 07:46

answered Nov 28 '13 at 06:13

Iman

17,932
6
80
90

The first solution is for chrome. The OP asked an answer for Firefox – Hybris95 Jun 06 '17 at 09:02
@Hybris95, I have not noticed that. It is fixed now – Iman Jun 09 '17 at 20:28

score 9 · Answer 4 · answered Oct 26 '15 at 14:08

The problem is due to a cookie that has become corrupted. The easy solution is to delete all your cookies but here is the best way to solve that specific issue, I have created a customized guide for Firefox, Chrome, and Internet Explorer. See here : http://timourrashed.com/how-to-fix-the-400-bad-request-error-message-from-a-website/

score 1 · Answer 5 · answered Apr 09 '21 at 14:17

Another reason for this error stems from the user being in too many active directory groups. More modern SSRS versions do not have this problem.

It appears that the list of AD groups get passed in along in an HTTP header. Older versions of SQL Server Reporting Services have a header size limitation. So if a user is in a excessive number of groups, the easiest fix will be to remove unneeded groups.

If removing groups is not an option, you should be able to edit the web.config file and increase the limit. You can see how to do that here... https://www.mssqltips.com/sqlservertip/4688/resolving-the-maximum-request-length-exceeded-exception-in-sql-server-reporting-services/

score 0 · Answer 6 · answered Aug 02 '22 at 02:38

This answer is only in the case of using the browser Local Storage to store users' data.

Because the Local Storage has a limit of 5MB per domain, it's never cleared on its own, and there is no expiry date to remove data. When the local storage reaches the 5MB limit then starts storing data as cookies. Later, when the size of cookies reaches 1MB, the browser shows the 400 error (the size of the request headers is too long).

In this case, it is better to clear the unnecessary data from the local storage after using them.

score 0 · Answer 7 · answered Jun 28 '23 at 14:36

This happens only in Firefox and happens with some regularity. It is therefore not a "cookie problem" but rather a crappy application problem. Stop using Firefox and this problem goes away. Keep using Firefox and every so often you'll get this problem and have to fix it over and over again.

score -1 · Answer 8 · answered Apr 13 '20 at 13:38

-1

I used ViewData instead of TempData, and issue solved.

answered Apr 13 '20 at 13:38

Bassel

133
2
7

Bad Request - Request Too Long HTTP Error 400. The size of the request headers is too long

8 Answers8

Linked