When trying to log into a website recently I ran into an error: "Bad Request - Size of a request header field exceeds server limit: Cookie". Immediately I opened the developer console and skipped over to the storage tab (in Safari). It showed me a thriving population of cookies living in my browser cache for the domain that website was running on.
The number of cookies was out of control and one was fairly large. Overall the total size of the cookies was well over 4kb. This doesn't seem like much, but RFC 6265 only provisions for numbers in this area.
So I deleted the largest cookie and then was able to log in. Easy.
This kind of error bothers me though, because it could have been very easily prevented. There are multiple parties that can be blamed in this case - the application developer, the server administrator, the web browser developer. Who is really to blame though? I say the majority of the responsibility is with the application developer, but other parties can also help to improve user experience.
At least there is a way forward by manually deleting cookies! 🍪
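A size check an application developer could run before setting yet another cookie, as an added example that is not from the original post. The function names, the `HEADER_LIMIT` value and the sample cookie jar are assumptions made for illustration; the 4096-byte figure is the per-cookie size RFC 6265 asks browsers to support.

```javascript
// Added example: budget check for the Cookie request header.
// HEADER_LIMIT is an assumed placeholder; use your server's configured value.
const PER_COOKIE_LIMIT = 4096; // per-cookie size RFC 6265 asks browsers to support
const HEADER_LIMIT = 8190;     // assumed server limit for one header field

const enc = new TextEncoder();
const bytes = (s) => enc.encode(s).length; // UTF-8 length, not string length

// Size of one "name=value" pair as it is sent in a request
// (cookie attributes such as Path or Expires are not sent back).
function pairBytes(c) {
  return bytes(`${c.name}=${c.value}`);
}

// Size of the whole header line, e.g. "Cookie: a=1; b=2".
function cookieHeaderBytes(cookies) {
  if (cookies.length === 0) return 0;
  const pairs = cookies.map((c) => `${c.name}=${c.value}`).join("; ");
  return bytes(`Cookie: ${pairs}`);
}

// Report the header size, cookies over the per-cookie limit, and which
// cookies to drop (largest first) so the header fits under headerLimit.
function auditCookies(cookies, headerLimit = HEADER_LIMIT, perCookieLimit = PER_COOKIE_LIMIT) {
  const oversized = cookies.filter((c) => pairBytes(c) > perCookieLimit).map((c) => c.name);
  const kept = [...cookies].sort((a, b) => pairBytes(a) - pairBytes(b)); // smallest first
  const evict = [];
  while (kept.length > 0 && cookieHeaderBytes(kept) > headerLimit) {
    evict.push(kept.pop().name); // drop the largest remaining cookie
  }
  const headerBytes = cookieHeaderBytes(cookies);
  return { headerBytes, fits: headerBytes <= headerLimit, oversized, evict };
}

// Constructed sample jar: one bloated cookie among small ones.
const sampleJar = [
  { name: "session", value: "s".repeat(40) },
  { name: "prefs", value: "p".repeat(200) },
  { name: "tracking_blob", value: "t".repeat(9000) },
];
console.log(auditCookies(sampleJar));
```

Run server-side against the cookies an application is about to set, this turns the "Bad Request" a user would otherwise hit into a check that fails during development.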
A quick disclaimer...
Although I put great effort into researching all the topics I cover, mistakes can happen.
Use of any information from my blog posts should be at your own risk, and I do not hold any liability towards any information misuse or damages caused by following any of my posts.
All content and opinions expressed on this Blog are my own and do not represent the opinions of my employer (Oracle).
Use of any information contained in this blog post/article is subject to this disclaimer.