mod_auth_openidc_state cookies increasing rapidly #108
Comments
You have to look into your client code: apparently it fires a large number of (possibly parallel) unauthenticated requests to your protected site. It would be better to first authenticate the user before doing those requests.
And that all apparently happens after the session times out. It may be worth looking into the
any update on this? related to this is #113 where we're testing some improvements; if no further update I'll close this ticket
For me at least, OIDCUnAuthAction was what was needed to make this work. Thank you.
ok, so that was a matter of a large number of unauthenticated requests to an endpoint that was protected with OpenID Connect which shouldn't have been configured in that way, thanks
more info here: https://github.com/pingidentity/mod_auth_openidc/wiki/Cookies
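One way to apply the OIDCUnAuthAction fix mentioned in the comments above, shown as an added example that is not part of the original thread or the project's own configuration. The paths /app and /app/api are assumptions standing in for the page routes and the endpoints that client code calls in the background.

```apache
# Constructed example; /app and /app/api are assumed paths.

# --- BEFORE -------------------------------------------------------------
# Every path under /app uses the default unauthenticated action ("auth").
# Once the session has timed out, each background request from the client
# triggers a new authentication redirect, and each redirect sets its own
# mod_auth_openidc_state_* cookie. Many parallel requests mean many state
# cookies, until the Cookie header exceeds the request header size limit.
#
# <Location /app>
#     AuthType openid-connect
#     Require valid-user
# </Location>

# --- AFTER --------------------------------------------------------------
# Pages the user navigates to keep the redirect-to-login behaviour.
<Location /app>
    AuthType openid-connect
    Require valid-user
    OIDCUnAuthAction auth
</Location>

# Endpoints called by client code answer 401 when there is no valid
# session instead of starting an authentication flow, so no state cookie
# is created for them. The client is expected to react to the 401 by
# sending the user through a single top-level login on /app.
<Location /app/api>
    AuthType openid-connect
    Require valid-user
    OIDCUnAuthAction 401
</Location>
```

After reloading Apache, an unauthenticated request to a path under /app/api should return 401 without a Set-Cookie header for a `mod_auth_openidc_state_` cookie.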
I'm using a single OpenIDC server to connect to a load balanced backend nodejs app using ROUTEID for session affinity. This works for some time but then at times (don't know what triggers it) I get tons of cookies like this: mod_auth_openidc_state_1wxkjdkjsfksd. This eventually leads to the user being denied access to the site due to 'Size of request header field exceeds limit'. I have set the limit really high (32KB) but I still get it. Any ideas how I can fix the issue? I'm on Ubuntu 15.10 and apache 2.4 w/ mod_auth_openidc 1.6.0
Here is my config: