Ability To Reduce Cookie Size by Excluding Metadata

[J43fura]

Ability To Reduce Cookie Size by Excluding Metadata

Summary:
I would like to request the ability of a reduction in the cookie size for Supabase Auth by excluding metadata from being stored in the cookie. By default, Supabase Auth currently stores metadata in the session cookie, leading to larger cookie sizes that can negatively impact performance & user experience, especially in environments where cookie size limits are a concern.

Motivation:

1. Compliance with Cookie Size Limits: Many web browsers and reverse proxies impose strict limits on cookie sizes (often around 8KB). Exceeding this limit can lead to unexpected behaviors, including rejection of cookies (python-websockets, Nuxt, Cloudflare...) causing 431 Request Header Fields Too Large issues.

2. Better Developer Control: Allowing developers to disable the storing of metadata in the cookie if necessary will give developers better control over the size and contents of the authentication cookies.

Proposed Solution:

• Optional disable: Provide a configuration option for developers to disable metadata storage in cookies if needed.

Additional Considerations:

• For applications that require metadata, developers could access it securely from the server side or via API calls instead of storing it in cookies.

Related issues:

• Large Auth Cookie Split Into 2 Causing Realtime Failures, etc supabase-js#963 (comment)
• Self-hosted Supabase combined with supabase/ssr sets 4 cookies in some occasions ssr#56
• Some JWTs exceed Cloudflare header size limits & Nginx defaults auth#1754
• Large Auth Cookie Split Into 2 Causing Realtime Failures, etc supabase-js#963

---

Thank you for considering this request! Reducing the default cookie size and providing flexibility to developers will enhance the performance and scalability of applications using Supabase Auth.