session cookie value is exceedingly long and fails Set-Cookie with invalid syntax #142
The length of the cookie is simply based on what you store in `req.session`. Here is the contents of your cookie above:

Formatted JSON Data
{
"nowInMinutes":26608075,
"claims":"%7B%22firstname%22%3A%22Carey%22%2C%22aid%22%3A%22a660709%22%2C%22groups%22%3A%5B%22*Accenture%20AppDev%22%2C%22*Application%20Architecture%22%2C%22*BBTG%20Virtual%20Estimators%22%2C%22*CED%22%2C%22*DTT-AllContingentWorkers-AllLocations%22%2C%22*EA%20NOW%22%2C%22*EAAS%20-%20Business%20Capabilities%22%2C%22*Emerging%20Platform%20Commerce%20API_mDot_Tablet%20Status%22%2C%22*Enterprise%20Service%20Platform%22%2C%22*ESPProductTeam%22%2C%22*Fast%20Bizman%20Users%22%2C%22*IS-AD%20Channels%20DotCom%20ACN%20Svcs%20On%22%2C%22*IT.ACN.Architecture%22%2C%22*MCCP%20Search%22%2C%22*MCE%20On-Shore%22%2C%22*MCE%20Technology%20Governance%22%2C%22*PUAM-users%22%2C%22*Tea%20Leaf%20Users%22%2C%22_US-All-Corp-Users%22%2C%22~DelBBY-U-hipchat-users%22%2C%22AccentureIntegrationTeam%22%2C%22Architects-CW%22%2C%22AZ-EntSandboxSub-BBY-AG4-AKS-Sandbox-RG-USC-Contributor%22%2C%22BBY%20ALM%20Users%22%2C%22BBY-CleanBoard%22%2C%22BBY-CleanBoard-INT%22%2C%22BBY-Corporate-ContractorsSub4%22%2C%22BBY-ESP-ADMIN%22%2C%22BBY-ICR-DEV%22%2C%22BBY-MFAEnable-USCorp%22%2C%22BBY-R-CS01CORP-APPS.Corp.IS.Dept.Apps.TechArch-FP-C%22%2C%22BBY-R-CS01CORP-Files.Corp.IS.940150.RES.PVCS-RO-FP-R%22%2C%22BBY-R-CS01CORP-Files.Corp.IS.RES.EntInfArch-FP-C%22%2C%22BBY-R-RSA-VPN-AP-U%22%2C%22BBY-R-STAR-SV-USERS%22%2C%22BBY-R-WTSOracleSQLDev-AP-U%22%2C%22BBY-R-WTSPeregrine-AP-U%22%2C%22BBY-R-WTSRemoteDesktop-AP-U%22%2C%22BBY-R-WTSSQLTools-AP-U%22%2C%22bby-t-pki-clientserver-std-manual%22%2C%22bby-t-pki-clientserver-std-manual-test%22%2C%22bby-t-pki-server-std-manual%22%2C%22BBY-U-AP-MMT-SystemAdmin-qa%22%2C%22BBY-U-AP-TeaLeaf-U%22%2C%22BBY-U-AVECTO-Developer%22%2C%22BBY-U-AVECTO-Restricted%22%2C%22Bby-u-contingentworkers-SubA%22%2C%22BBY-U-CQ1-S3-EXT-RW-DEV%22%2C%22BBY-U-CQ1-S3-INT-RW-DEV%22%2C%22BBY-U-JDA-SU-DEV%22%2C%22BBY-U-LCSExceptionUsers%22%2C%22bby-u-pki-rkm-datacenter-manual%22%2C%22bby-u-pki-rkm-datacenter-manual-test%22%2C%22BBY-U-RASC-BSKT-ADMIN-DEV%22%2C%22BBY-U-RASC-BSKT-ADMIN-PROD%22%2C%22BBY-U-RASC-
BSKT-UI-BUSR%22%2C%22BBY-U-RASC-TFS-IT-DEV%22%2C%22BBY-U-RISS-LegArchiving%22%2C%22BBY-U-RISS-SelectiveArchiving-1%22%2C%22BBY-U-SecureAuth_SoftTokenUsers%22%2C%22BBY-U-slack-users%22%2C%22BBY-U-TM-Accenture%22%2C%22BBY-U-TM-AzDO-FMSMobile-DEV%22%2C%22BBY-U-TM-BestBuy%22%2C%22BBY-U-TM-CrashPlan-Self-Install%22%2C%22BBY-U-USERS-ELA-Prod-ESP_POWER%22%2C%22BBY-U-VPNUserAccess%22%2C%22C_IT_MCCP_DEV%22%2C%22C110-940150C%22%2C%22C110-940530C%22%2C%22Cisco-Segmentation-Business%22%2C%22ConsumerPrivacyReporting-Dev%22%2C%22EnterpriseRulesEngineCapability%22%2C%22ESPDevTeam%22%2C%22ESPIntegrationDev-ACN%22%2C%22FS_ONEDRIVE-USERS_POC%22%2C%22GGPTEST%22%2C%22Integration-ACN_Leads%22%2C%22iOS%20users%20req%207.0.6%22%2C%22LegalHoldReminder%22%2C%22MFAOutageComm%22%2C%22PPE-Standard-Policy%22%2C%22Sign%20Release%203%20Delivery%22%2C%22StaticScanningCustomers%22%2C%22US-All-ContractorsSub4%22%2C%22US-All-Employees-CW-A.B%22%2C%22US-BBY-AllContingentWorkers%22%2C%22X_LastPassUsers%22%5D%7D",
"authenticated":"true"
}

It seems you need to reduce the size of your claims value or convert to a server side session store.
Doh! That totally makes sense now and clearly indicates where our problem is, thanks Doug!
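The size effect described in the answer above, as an added example (not code from this issue or from cookie-session): it assumes the cookie value is base64-encoded JSON of the session object, as the `eyJ...` values in the headers on this page show, and uses constructed group names and a hypothetical allow-list. 4096 bytes is the per-cookie size RFC 6265 requires browsers to support.

```javascript
// Added example: approximates how the session object becomes the cookie value
// (base64 of JSON, matching the "eyJ..." values in the headers on this page).
const COOKIE_BYTE_LIMIT = 4096; // RFC 6265: minimum per-cookie size browsers must support

function encodeSession(session) {
  return Buffer.from(JSON.stringify(session)).toString("base64");
}

function decodeSession(value) {
  return JSON.parse(Buffer.from(value, "base64").toString("utf8"));
}

// Bytes of "name=value"; cookie attributes (path, expires, ...) add to this.
function cookieBytes(name, session) {
  return Buffer.byteLength(`${name}=${encodeSession(session)}`);
}

// Constructed session in the shape of the decoded JSON shown in the answer.
function buildSession(groups) {
  const claims = { firstname: "Test", aid: "a000000", groups };
  return {
    nowInMinutes: 26608075,
    claims: encodeURIComponent(JSON.stringify(claims)),
    authenticated: "true",
  };
}

// Keep only the groups the application authorizes on (hypothetical allow-list).
function filterGroups(groups, allowed) {
  const allow = new Set(allowed);
  return groups.filter((g) => allow.has(g));
}

function report(label, session) {
  const bytes = cookieBytes("session", session);
  return { label, bytes, fits: bytes <= COOKIE_BYTE_LIMIT };
}

// Constructed data: 100 directory groups versus the single group the app needs.
const allGroups = Array.from({ length: 100 }, (_, i) => `EXAMPLE-U-APP-GROUP-${i}-DEV`);
const needed = ["EXAMPLE-U-APP-GROUP-7-DEV"];

const full = report("all groups", buildSession(allGroups));
const trimmed = report("allow-listed groups", buildSession(filterGroups(allGroups, needed)));
console.log(full, trimmed);
```

Storing only a session identifier in the cookie and keeping the claims in a server-side store removes the dependence on group count entirely.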
Hello,
We are deploying an Express app on Node 12.18.2 and this app is deployed in a Docker container and running on OpenShift. When we deploy that container to our lower environments everything works fine; however, when we deploy the app to our production cluster the session cookie is not getting set and what I am seeing is the following:
`Server: Apache/2.4.6 (Red Hat Enterprise Linux)
Set-Cookie: session=eyJub3dJbk1pbnV0ZXMiOjI2NjA4MDc1LCJjbGFpbXMiOiIlN0IlMjJmaXJzdG5hbWUlMjIlM0ElMjJDYXJleSUyMiUyQyUyMmFpZCUyMiUzQSUyMmE2NjA3MDklMjIlMkMlMjJncm91cHMlMjIlM0ElNUIlMjIqQWNjZW50dXJlJTIwQXBwRGV2JTIyJTJDJTIyKkFwcGxpY2F0aW9uJTIwQXJjaGl0ZWN0dXJlJTIyJTJDJTIyKkJCVEclMjBWaXJ0dWFsJTIwRXN0aW1hdG9ycyUyMiUyQyUyMipDRUQlMjIlMkMlMjIqRFRULUFsbENvbnRpbmdlbnRXb3JrZXJzLUFsbExvY2F0aW9ucyUyMiUyQyUyMipFQSUyME5PVyUyMiUyQyUyMipFQUFTJTIwLSUyMEJ1c2luZXNzJTIwQ2FwYWJpbGl0aWVzJTIyJTJDJTIyKkVtZXJnaW5nJTIwUGxhdGZvcm0lMjBDb21tZXJjZSUyMEFQSV9tRG90X1RhYmxldCUyMFN0YXR1cyUyMiUyQyUyMipFbnRlcnByaXNlJTIwU2VydmljZSUyMFBsYXRmb3JtJTIyJTJDJTIyKkVTUFByb2R1Y3RUZWFtJTIyJTJDJTIyKkZhc3QlMjBCaXptYW4lMjBVc2VycyUyMiUyQyUyMipJUy1BRCUyMENoYW5uZWxzJTIwRG90Q29tJTIwQUNOJTIwU3ZjcyUyME9uJTIyJTJDJTIyKklULkFDTi5BcmNoaXRlY3R1cmUlMjIlMkMlMjIqTUNDUCUyMFNlYXJjaCUyMiUyQyUyMipNQ0UlMjBPbi1TaG9yZSUyMiUyQyUyMipNQ0UlMjBUZWNobm9sb2d5JTIwR292ZXJuYW5jZSUyMiUyQyUyMipQVUFNLXVzZXJzJTIyJTJDJTIyKlRlYSUyMExlYWYlMjBVc2VycyUyMiUyQyUyMl9VUy1BbGwtQ29ycC1Vc2VycyUyMiUyQyUyMn5EZWxCQlktVS1oaXBjaGF0LXVzZXJzJTIyJTJDJTIyQWNjZW50dXJlSW50ZWdyYXRpb25UZWFtJTIyJTJDJTIyQXJjaGl0ZWN0cy1DVyUyMiUyQyUyMkFaLUVudFNhbmRib3hTdWItQkJZLUFHNC1BS1MtU2FuZGJveC1SRy1VU0MtQ29udHJpYnV0b3IlMjIlMkMlMjJCQlklMjBBTE0lMjBVc2VycyUyMiUyQyUyMkJCWS1DbGVhbkJvYXJkJTIyJTJDJTIyQkJZLUNsZWFuQm9hcmQtSU5UJTIyJTJDJTIyQkJZLUNvcnBvcmF0ZS1Db250cmFjdG9yc1N1YjQlMjIlMkMlMjJCQlktRVNQLUFETUlOJTIyJTJDJTIyQkJZLUlDUi1ERVYlMjIlMkMlMjJCQlktTUZBRW5hYmxlLVVTQ29ycCUyMiUyQyUyMkJCWS1SLUNTMDFDT1JQLUFQUFMuQ29ycC5JUy5EZXB0LkFwcHMuVGVjaEFyY2gtRlAtQyUyMiUyQyUyMkJCWS1SLUNTMDFDT1JQLUZpbGVzLkNvcnAuSVMuOTQwMTUwLlJFUy5QVkNTLVJPLUZQLVIlMjIlMkMlMjJCQlktUi1DUzAxQ09SUC1GaWxlcy5Db3JwLklTLlJFUy5FbnRJbmZBcmNoLUZQLUMlMjIlMkMlMjJCQlktUi1SU0EtVlBOLUFQLVUlMjIlMkMlMjJCQlktUi1TVEFSLVNWLVVTRVJTJTIyJTJDJTIyQkJZLVItV1RTT3JhY2xlU1FMRGV2LUFQLVUlMjIlMkMlMjJCQlktUi1XVFNQZXJlZ3JpbmUtQVAtVSUyMiUyQyUyMkJCWS1SLVdUU1JlbW90ZURlc2t0b3AtQVAtVSUyMiUyQyUyMkJCWS1SLVdUU1NRTFRvb2xzLUFQLVUlMjIlMkMlMjJiYnktdC1wa2ktY2xpZW50c2VydmVyLXN0ZC1tYW51YWwl
MjIlMkMlMjJiYnktdC1wa2ktY2xpZW50c2VydmVyLXN0ZC1tYW51YWwtdGVzdCUyMiUyQyUyMmJieS10LXBraS1zZXJ2ZXItc3RkLW1hbnVhbCUyMiUyQyUyMkJCWS1VLUFQLU1NVC1TeXN0ZW1BZG1pbi1xYSUyMiUyQyUyMkJCWS1VLUFQLVRlYUxlYWYtVSUyMiUyQyUyMkJCWS1VLUFWRUNUTy1EZXZlbG9wZXIlMjIlMkMlMjJCQlktVS1BVkVDVE8tUmVzdHJpY3RlZCUyMiUyQyUyMkJieS11LWNvbnRpbmdlbnR3b3JrZXJzLVN1YkElMjIlMkMlMjJCQlktVS1DUTEtUzMtRVhULVJXLURFViUyMiUyQyUyMkJCWS1VLUNRMS1TMy1JTlQtUlctREVWJTIyJTJDJTIyQkJZLVUtSkRBLVNVLURFViUyMiUyQyUyMkJCWS1VLUxDU0V4Y2VwdGlvblVzZXJzJTIyJTJDJTIyYmJ5LXUtcGtpLXJrbS1kYXRhY2VudGVyLW1hbnVhbCUyMiUyQyUyMmJieS11LXBraS1ya20tZGF0YWNlbnRlci1tYW51YWwtdGVzdCUyMiUyQyUyMkJCWS1VLVJBU0MtQlNLVC1BRE1JTi1ERVYlMjIlMkMlMjJCQlktVS1SQVNDLUJTS1QtQURNSU4tUFJPRCUyMiUyQyUyMkJCWS1VLVJBU0MtQlNLVC1VSS1CVVNSJTIyJTJDJTIyQkJZLVUtUkFTQy1URlMtSVQtREVWJTIyJTJDJTIyQkJZLVUtUklTUy1MZWdBcmNoaXZpbmclMjIlMkMlMjJCQlktVS1SSVNTLVNlbGVjdGl2ZUFyY2hpdmluZy0xJTIyJTJDJTIyQkJZLVUtU2VjdXJlQXV0aF9Tb2Z0VG9rZW5Vc2VycyUyMiUyQyUyMkJCWS1VLXNsYWNrLXVzZXJzJTIyJTJDJTIyQkJZLVUtVE0tQWNjZW50dXJlJTIyJTJDJTIyQkJZLVUtVE0tQXpETy1GTVNNb2JpbGUtREVWJTIyJTJDJTIyQkJZLVUtVE0tQmVzdEJ1eSUyMiUyQyUyMkJCWS1VLVRNLUNyYXNoUGxhbi1TZWxmLUluc3RhbGwlMjIlMkMlMjJCQlktVS1VU0VSUy1FTEEtUHJvZC1FU1BfUE9XRVIlMjIlMkMlMjJCQlktVS1WUE5Vc2VyQWNjZXNzJTIyJTJDJTIyQ19JVF9NQ0NQX0RFViUyMiUyQyUyMkMxMTAtOTQwMTUwQyUyMiUyQyUyMkMxMTAtOTQwNTMwQyUyMiUyQyUyMkNpc2NvLVNlZ21lbnRhdGlvbi1CdXNpbmVzcyUyMiUyQyUyMkNvbnN1bWVyUHJpdmFjeVJlcG9ydGluZy1EZXYlMjIlMkMlMjJFbnRlcnByaXNlUnVsZXNFbmdpbmVDYXBhYmlsaXR5JTIyJTJDJTIyRVNQRGV2VGVhbSUyMiUyQyUyMkVTUEludGVncmF0aW9uRGV2LUFDTiUyMiUyQyUyMkZTX09ORURSSVZFLVVTRVJTX1BPQyUyMiUyQyUyMkdHUFRFU1QlMjIlMkMlMjJJbnRlZ3JhdGlvbi1BQ05fTGVhZHMlMjIlMkMlMjJpT1MlMjB1c2VycyUyMHJlcSUyMDcuMC42JTIyJTJDJTIyTGVnYWxIb2xkUmVtaW5kZXIlMjIlMkMlMjJNRkFPdXRhZ2VDb21tJTIyJTJDJTIyUFBFLVN0YW5kYXJkLVBvbGljeSUyMiUyQyUyMlNpZ24lMjBSZWxlYXNlJTIwMyUyMERlbGl2ZXJ5JTIyJTJDJTIyU3RhdGljU2Nhbm5pbmdDdXN0b21lcnMlMjIlMkMlMjJVUy1BbGwtQ29udHJhY3RvcnNTdWI0JTIyJTJDJTIyVVMtQWxsLUVtcGxveWVlcy1DVy1BLkIlMjIlMkMlMjJVUy1CQlktQWxsQ29udGluZ2VudFdvcmtlcnMlMjIl
MkMlMjJYX0xhc3RQYXNzVXNlcnMlMjIlNUQlN0QiLCJhdXRoZW50aWNhdGVkIjoidHJ1ZSJ9; path=/; expires=Mon, 03 Aug 2020 20:25:08 GMT; secure; httponly
Set-Cookie: session.sig=8Nqpg9Tb4xBO0xo3wXGa5-n6GiQ; path=/; expires=Mon, 03 Aug 2020 20:25:08 GMT; secure; httponly
This Set-Cookie had invalid syntax`
Compare that with the cookie value that gets generated in one of our lower envs (see below) and it is obvious that something is very different in prod.
```
Server: Apache/2.4.6 (Red Hat Enterprise Linux)
Set-Cookie: session=eyJub3dJbk1pbnV0ZXMiOjI2NjA4MDcyLCJjbGFpbXMiOiIlN0IlMjJmaXJzdG5hbWUlMjIlM0ElMjJDYXJleSUyMiUyQyUyMmFpZCUyMiUzQSUyMmE2NjA3MDklMjIlMkMlMjJncm91cHMlMjIlM0ElNUIlMjJCQlktVS1SQVNDLUJTS1QtVUktQlVTUiUyMiU1RCU3RCIsImF1dGhlbnRpY2F0ZWQiOiJ0cnVlIn0=; path=/; expires=Mon, 03 Aug 2020 20:22:18 GMT; secure; httponly
Set-Cookie: session.sig=wZUBEZREs5han-GFVAAZsPcCWdA; path=/; expires=Mon, 03 Aug 2020 20:22:18 GMT; secure; httponly
```
Here is our cookie-session implementation (keys have been scrubbed):
```js
app.use(
  cookieSession({
    name: "session",
    keys: ["*********"],
    maxAge: 30 * 60000,
  })
);
```
Any thoughts on what could be causing the cookie value to be what it is in prod?
Thanks for any help you can provide!