-
Notifications
You must be signed in to change notification settings - Fork 234
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bad Request - Request Too Long #10
Comments
Each time you sign in, it's storing more cookies in your browser. Since the domain is the same, the browser sends all of the cookies, including the stale ones. This is blowing up the cookie header fields and making the headers too long. To fix it, just clear your cookies. If you're testing your setup, I would recommend using a private browser. |
My organization and our clients are regularly seeing this issue. We use Azure AD w/ the Office 365 Suite of apps, Visual Studio Team Services, Azure Portal, and an Azure AD B2C instance. When using all of these applications at once in a browser, we encounter this error regularly. Clearing cookies is okay once in a while but gets annoying quickly. Furthermore, we can't also expect our customers who are using Azure AD B2C (via our applications) and other MSFT services to be expected to do the same. Is there anything we can do on our end to resolve this problem so we don't have to tell our customers to clear their cookies or use a private/incognito browser session - both of which are not reasonable expectations to put upon our customers? |
@RobARichardson I don't know if you'll get much traction on this thread... FYI, I just hit this error today using portal.azure.com. I posted it to SO. Hopefully, some more insights will come out of it. When I got the error originally, I figured I need to do more work in my app to prevent this. But today, I received it using the Azure portal. And based upon your desc, maybe there's a more fundamental problem here. Not sure. |
@RobARichardson , @spottedmahn , I replied to the StackOverflow post. Nothing too useful unfortunately given that there isn't a great answer today. Summary:
|
|
Totally understand where you guys are coming from. Clearing the cookies is meant for the scenario where it happens to devs, which has been the majority of the reported cases so far. But again, no argument that clearing cookies is (to put it mildly) an undesirable experience for end users. I believe (I'll let @parakhj chime in on this as I'm not on the B2C team anymore) that custom domains is one of the top priority items in the team's backlog, at which point this will be a nonissue. He should be able to provide a better ETA here (hopefully via an update to the feedback item). As for the issue being closed, that's because this isn't an issue with the sample itself, but a limitation of B2C itself which is being tracked via that outstanding feedback entry. |
Agreed with @gsacavdm above. Custom domains (the ability for you to choose your domain) is hitting a few technical issues, so we are working to enable a new domain that B2C tenants can run on (something like b2clogin.com). This will be shipped earlier than custom domains, so that you won't see the cookies issues that you are noticing on login.microsoftonline.com. I would vote this feature so that you know when we enable the preview for it. |
The feature requested to vote on is for enabling javascript for custom login page, is there a separate feature request for a new domain like b2clogin? |
We have moved over to using the b2clogin.com domain, but we are still getting this issue. I don't think it's right that this issue be closed. Edit: Just seen that this is closed because this issue is for the sample code. It's the first result on google for "b2clogin.com header field too long" which is how I arrived here. If anyone has any information about whether Microsoft are doing anything about this then it would be much appreciated. |
This is the name of the cookie being stored: "x-ms-cpim-rc" |
This is a problem for my organization as well. We went through a lot of hoops to get B2C as a solution and having no clear solution to this isn't going over well with the stakeholders. We are already using the b2clogin.com domain. Any guidance on clearing the offending cookies programmatically or otherwise would help. |
This issue should be reopened. The suggested feature request link is broken, the problem still persists. Our customers are hitting this. I have 94 |
Can we get some movement on fixing the failing state of azure demos? |
Are you experiencing this issue in dev environment or in live production? |
@Sipower In production. We have multiple websites using the same b2c which appears to amplify the problem, and it doesn't take long to run up a huge set of |
Hitting the same thing here. |
I no longer work at the Azure AD B2C team nor Microsoft, but FYI for others interested on this thread, the feature I reference a loooong time ago - custom domains is now available. That should help with this issue. |
@gsacavdm It doesn't help [much]. We are using a custom domain and still hit this issue regularly. |
Ah, sorry about that :S I'm not sure what B2C is stashing in the cookies these days that results in this error when you have an isolated domain. I'll defer to the Microsoft team to provide more insights. |
Just an FYI: I work on B2C team and our people are looking at this issue (not for the first time, I'll note--we've fixed this in the past). We'll report back as soon as we have more information. |
@jayallen Any update? Can we get this bug re-opened at least? |
@jayallen this has become super annoying for so many of our users. Even if they shutdown their devices and restart and re-open a web browser this issue can still occur, its literally blocking access for users to our Product we develop. If this type of thing is not resolved then we may need to switch providers purely because you can't even use the product, and the resolution steps are too troublesome especially for enterprise environments, where users do not have permission to modify their cookies or sessions due to their own IT policies. An update on this please will be great thank you |
@jayallen @DannyJHM @imercerwillow Just happened again to a user in production today >.< hoping for a resolution soon |
@jayallen, this is happening to us as well. The long cookie header search on google is how I came across this as well. It started happening after we implemented the custom domain with B2C and Azure Front Door. Is there any update? |
Haven't seen this in a while thankfully, but still hoping for an official resolution. Any updates are appreciated! @jayallen |
Issue is still occurring. If there is a fix, please let me know! |
Same for me, Issue is still occurring. Fails due to multiple x-ms-cpim-cache-{id} cookies. |
Upon signing into my tenant I'm receiving:
Attached is the full request: Bad Request - Request Too Long.txt
The first few sign-ins worked. I'm not sure what exactly changed to make it stop working. Any thoughts?
The text was updated successfully, but these errors were encountered: