Redirect not working after creating a user

Question

So I was working on a website the other day where I created a route to handle the registration process for users. This worked fine, when I tested it some days ago.

Then I worked on some other stuff on my website (login and profile site and such stuff) and when I came back to test some other stuff (I needed to make a new user account, because I added some stuff) the registration did not work anymore.

This is my code:

app.post('/signup', (req, res) => {
  if (!req.body.accept) {
    res.redirect('/signup?error=must_accept')
  }

  // E-Mail exists in database
  connection.query('SELECT LogMail FROM u WHERE LogMail = ?;', req.body.mail, function(err, rows, fields) {
    if (err) throw err;

    if (rows.length > 0) {
      console.log('this email exists already')
    } else {
      key_pair = generate_key_pair()
      datetime = getDateTime()

      user = {
        ID_u: generate_ID(),
        Created: datetime,
        LogMail: req.body.mail,
        Verified: '0000-00-00 00:00:00',
        Password: hash_password(req.body.password),
        Token: generate_token(),
        PrivKey: encrypt_private_key(key_pair.private_key, req.body.password),
        PubKey: key_pair.public_key,
        Cookies: datetime,
        TermsOfUse: datetime,
        PrivacyPolicy: datetime,
      }

      let value = [
        [
          user.ID_u,
          user.Created,
          user.LogMail,
          user.Verified,
          user.Password,
          user.Token,
          user.PrivKey,
          user.PubKey,
          user.Cookies,
          user.TermsOfUse,
          user.PrivacyPolicy,
        ]
      ]

      decrypted_private_key = decrypt_private_key(user.PrivKey, req.body.password)

      req.session.mail = user.LogMail
      req.session.token = user.Token
      req.session.private_key = decrypted_private_key

      console.log(decrypted_private_key)

      if (req.body.stay) {
        res.cookie('mail', user.LogMail, {
          maxAge: 1000 * 86400 * 14,
          httpOnly: true
        });
        res.cookie('token', user.Token, {
          maxAge: 1000 * 86400 * 14,
          httpOnly: true
        });
        res.cookie('private_key', decrypted_private_key, {
          maxAge: 1000 * 86400 * 14,
          httpOnly: true
        })
      }

      connection.query('INSERT INTO u (ID_u, Created, LogMail, Verified, Password, Token, PrivKey, PubKey, Cookies, TermsOfUse, PrivacyPolicy) VALUES (?)', value, (err, rows, fields) => {
        if (err) throw err
      })

      res.redirect('/profile') // THE SCRIPT BREAKS HERE
      return
    }
  })
})

When I now call this route by clicking on the submit button on the /signup page, the code runs up to the marked point (the point with "THE SCRIPT BREAKS HERE") and then my browser just shows 502 Bad Gateway, but the URL does not change to /profile, the browser just shows this message.

I also do not get any error code or anything in the console, it just breaks there, if I do a console.log right before or between the res.redirect('/profile') and the return then it gets printed to the console, but I don't get any errors and I have no clue what this is, not even what I could google for in this case...

Answer 1

I think I have figured it out now (but I take any new information you have for me).

The thing seems to be, that I tried to put a whole RSA private key inside a cookie, which most browsers seem not be able to handle.

This seems to have something to do with the amount of data a cookie can store. On most browser's a cookie can store around 4096 bytes, but the RSA private key seems to take up more space (even tho a strlen function gave me 3433 characters (I assume that being 3433 bytes as well, at least I remember this about ASCII and Unicode)).

Please add a comment if you have any idea, whether I'm right with my suggestion, or if it is caused by some other reason.

And is there a better way of storing the RSA key except for splitting it and saving it in two separated cookies?