
We have started adding some user details to our cookies for other subdomains to access. This works great; however, when a user goes to domain.com, the public website, that also adds more cookies, and then on coming back to some of the apps we get the 400 error "Request Header or Cookie Too Large".

I've googled and seen we can set nginx to allow a higher threshold; even one of our .NET servers gave us a similar error.

Looking at the cookies in Chrome dev toolbar, nothing looks like we exceed the limits documented. This is where I think I'm missing something. Is nginx purposefully configured too low? Or are these sizes misrepresented?

Practical user agent implementations have limits on the number and size of cookies that they can store. General-use user agents SHOULD provide each of the following minimum capabilities:

o At least 4096 bytes per cookie (as measured by the sum of the length of the cookie's name, value, and attributes).

o At least 50 cookies per domain.

o At least 3000 cookies total.

Servers SHOULD use as few and as small cookies as possible to avoid reaching these implementation limits and to minimize network bandwidth due to the Cookie header being included in every request.

Servers SHOULD gracefully degrade if the user agent fails to return one or more cookies in the Cookie header because the user agent might evict any cookie at any time on orders from the user.

ref: https://www.ietf.org/rfc/rfc6265.txt

Our largest cookie is 2842 bytes, well under the 4096 limit. We have 30 cookies total, again under the 50 limit.

If I delete about 1024 bytes worth of cookies, it works. But I still have the top 3 largest there...

David Lozzi

1 Answer


You could reach another possible limit, the size of a whole HTTP request header (the Cookie header in your case); see this SO thread for more details. For the nginx web server, its value is controlled by the large_client_header_buffers directive and by default is equal to 4 buffers of 8K bytes. Try to increase it, for example to

large_client_header_buffers 4 16k;
Ivan Shatsky
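
The per-cookie figures in the question can all be within limits while the request still fails, because the browser sends every matching cookie in one Cookie header line and nginx requires a single header line to fit in one large_client_header_buffers buffer. The following is an added example, not code from either post: the cookie names and sizes are constructed to resemble the question, and the byte accounting is an approximation for HTTP/1.1 requests.

```python
# Added example: estimate the size of the single Cookie request header line
# and compare it with one nginx large_client_header_buffers buffer.
NGINX_DEFAULT_BUFFER = 8 * 1024   # "4 buffers of 8K bytes" per the answer
NGINX_RAISED_BUFFER = 16 * 1024   # "large_client_header_buffers 4 16k;"


def cookie_header_line(cookies):
    """Build the HTTP/1.1 Cookie header line a browser would send.

    Only name=value pairs are sent back; attributes such as Path or Expires
    are not part of the request header.
    """
    pairs = "; ".join(f"{name}={value}" for name, value in cookies.items())
    return f"Cookie: {pairs}\r\n".encode("utf-8")


def check_cookie_header(cookies, buffer_size=NGINX_DEFAULT_BUFFER):
    """Approximate check: does the whole Cookie line fit in one buffer?"""
    line = cookie_header_line(cookies)
    per_cookie = sorted(
        ((len(f"{n}={v}".encode("utf-8")), n) for n, v in cookies.items()),
        reverse=True,
    )
    return {
        "header_bytes": len(line),
        "buffer_size": buffer_size,
        "fits": len(line) <= buffer_size,
        "bytes_over": max(0, len(line) - buffer_size),
        "largest": per_cookie[:3],   # best candidates to shrink or drop
    }


# Constructed sample shaped like the question: 30 cookies, largest 2842 bytes,
# every one of them well under the 4096-byte per-cookie figure.
SAMPLE = {"user_details": "u" * (2842 - len("user_details="))}
SAMPLE.update({"profile": "p" * 1800, "prefs": "q" * 1500})
SAMPLE.update({f"c{i:02d}": "x" * 80 for i in range(27)})

if __name__ == "__main__":
    for size in (NGINX_DEFAULT_BUFFER, NGINX_RAISED_BUFFER):
        print(check_cookie_header(SAMPLE, size))
```

Raising the buffer makes the request pass, but the same bytes are still sent on every request to every subdomain the cookies are scoped to, so trimming the largest cookies or narrowing their Domain scope addresses the cause rather than the threshold.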