Describe the bug
Currently, enabling the cookieStorage option for authentication eventually always leads to a 431 error code (431 Request Header Fields Too Large).
I understand this problem can usually be circumvented by raising the allowed HTTP header size (e.g. in the case of Node.js, adding a flag like --max-http-header-size 81000), but unfortunately in our situation this is not possible.
We are running our main webpage in Squarespace (e.g. https://example.com), and our react applications that utilize AWS Amplify run on multiple subdomains (e.g. https://app1.example.com and https://app2.example.com) and have set example.com as the cookieDomain in order to keep the user logged in when moving between app1 and app2. Unfortunately our lander home page running on Squarespace is not able to handle the large http headers caused by AWS Amplify and therefore our logged in users receive 431 errors when navigating back to the main site. At this point we cannot affect the allowed header size for our main webpage.
Are there any plans on making the cookieStorage-based auth work with stricter http-header-size settings, or is there any other way than cookies to keep a user logged in when moving between multiple subdomains? 🙂
you can suppress some user attributes being returned on a pretoken lambda. There are good examples in the docs.
I don't think this is the issue that causes the 431 problems in this case, we are anyway using a very limited amount of user attributes. In addition, this issue only arises over time, everything works initially. Now that I think about it, it seems like the cookies created by Amplify are either "growing over time", or it starts creating duplicate/new cookies without deleting old ones, which would then eventually lead to the 431 error.
I did some research and found out that in some cases the browser has contained, for example, multiple versions of Amplify's accessToken/clockDrift/idToken/refreshToken/userData cookies. This would explain why the 431 starts happening over time, but I haven't done any more thorough debugging regarding this.
EDIT: now that I checked the duplicate cookies again, it seems that in this case the underlying stack has been recreated and therefore the user pool client id has changed, which causes the multiple Cognito-related cookies. But this has not been the case, for example, in our production setup, so the underlying problem with getting 431 errors over time exists.
The exact same issue is happening to us, so I will watch the issue
@severi and @ialpert can you post the cookies created by Amplify when the issue happens and before that?
It's difficult to reproduce this exact issue. Can you help with creating a small repro app with steps to reproduce the error you are seeing?
@Amplifiyer I'll let you know if I manage to reproduce this locally, though cannot work on this actively.
@Amplifiyer @severi
Hello, I faced the same issue lately.
You can reproduce this issue with the following example code on your localhost.
document.cookie="CognitoIdentityServiceProvider.12356123.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.refreshToken=eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.Cuv3NiuNTM2TUkDoLrUSuuqn4hOugKvb7C8NRbsGtP39VDFZRY73UC4wPX5Dhyv9mELeYPjsXzZ_Pqa-GiipvshJ3M-NQBFL6ea89F5p2C-0pgEj58DtM_YttneO6u_L5mHSIbR_-KlF95L4vp_WSu6OPp4c9rB78bRXQgYsw__Fh0l2wW7DEA53dtdaIAIYgkycpheWZ6oxkNsWPgX6JHaGR-DHholSczrLBN7HxjX7SkP1-o3vuREONyHw6m6tIrafzhz1U0TI-esGVFtos-TIPn5tj8dRJShzXNx4GJ0JKlXvsH_gWsW3uu2Xv7IBw9ajRGu0h7Gw_WBcnqDIwA.X4BnP9tyAA9KQy_J.omGVMde79xoCXPlrcqPjyxIzTbcDoUk8n2W4JBwpv2w0bC2YcpLQCUnNhUl7nHObh67uUPxIQWisVU_xGPi3Ummfw3sCG34c5q-xOuV23QnUFi-2c4Oog9rty49fiowJJODi-htGS5G2f5g7oPhGPNqfmOV5y0lpw3dQglceMArmDAl1pr3B2v2Ao3aywZVqVQMdlQBYbW-Wd1aEWI7Zg_VUggsy8XzN7muQJ00KOZ-PP9ahtyhEvWcp8blHmmwUw_DsgDHaKdFapzDH6blcN2mSCRu495HGNIVtxUPykYpA7EiArFefj_QUDmyWwQ2ls2WbyNyRztTMK5pdVdVkNbmpcuNg5MOTF_nCk6pUa06msoTTR7Y_5ED4TclURadKcJeit2RztNlnlOOfFigLwxi2GJUR9kn4YJeEeMVQgGaVQ7qRD_9je83GH82MQG7q-tM9UWwUDn7NlnUb0T6VBuKGpr2EwEfbRKC6OJCE9mXwCZXwyh-JYxaDtg6Ti4O6Gj83135vYMLegOO40cOafXh_ZlVqc0Eix5-3doNCuWA4cDP4qbS1kRzOMiDc7RVL4DkzhTdsPOb322wyN8H4Yf1wdlONeov2WmnJKQjGYPx5wpCF8QX7QiRqqCzvWKNQmLckcnHgaZAs-bwpANze9k8SX1PDBukU59_KCEyXmFizdCzqHJO_7GZ1dNMaQcgPl0vC3DauwbBW3xG9WkNYN7I6tYJBqn5oCEBqgobaEh5H-gAMbu2FFhHcK5QLB2P8Sv5kzZ_JorRU_EJk22I171ZECnE29QXuNs3K-6-J4jUiyMbkp4CIrmVDuoA0DfOnkWqRCyzBR7LwatnoWiTyWfmXXfZ57I4R2-Pp-bNHmAymFDpnDauhLn-nVrii1qIzaL91i4pUN092mCHBWqHGH1d0wAzaiPF_ILjlLZsgJ6He__QhOBkmtiHSlBsr_NP2xlOs5zVcIzt3CAU03tOyTH6ZQAuMU9UtzngceXqfUU-cGMeve7xrg88gsT7Y8GYUAAvy93b3mK01rh68WMERbZNdWeF0145FSgv8MKyN_qTnHfQoyDUhA1D33ulyhQ1UtXnrXeowa8AqXrMEV_BSTD61KNNvdcPKbGzp4BXT-_rHG4ADakLkv6Btz9BW2IEUPGT6EDjU_Rrbeo1lEaT_Dj3p4CICuua6jGOA-q90nvb4lsJMox3ol7HyjbxIz9bk5Uo3YXVs2PRA-BWUTL6cFvTpbxBA_2ctZOlICG7vBHCJ1GBBBuqS4yPjFK7tsZNKz39Di2pBDytXGmb7Wdrgo6NJsLRVb3Y-NrqLbPPkhZpiJE1HFxLz4SkWrV48AtmU_xYJI-VGjExXVQ.gtePqBhQL6kkhElYPYwv0A; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.12356123.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.clockDrift=-37; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.12356123.LastAuthUser=b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.12356123.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.userData={%22UserAttributes%22:[{%22Name%22:%22sub%22%2C%22Value%22:%22b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f%22}%2C{%22Name%22:%22email_verified%22%2C%22Value%22:%22true%22}%2C{%22Name%22:%22email%22%2C%22Value%22:%[email protected]%22}]%2C%22Username%22:%22b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f%22}; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.12356123.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.idToken=eyJraWQiOiJIMWZXdGRFZjBoRnpqNWRGWmF2aEdwb3VkWGJcL2dOY1lGN1JmTWpDU0d5dz0iLCJhbGciOiJSUzI1NiJ9.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.pfMH7XIe0Fj7xoC74_mMGNJ8zlvaeRrjTXVHn5ctssC4PIEtPVI2_2VKIC7FpVwyXV7m42QvObzSOX_bMAiECD3_HaXX-yYhc_FxKJdNJ0H5Rp4dVcnFivBJ1coy3Nj_9VUCrGkiASSJl0iEwhAZpe8ZVp1u_bZ94v5nkXiJOg0MKT8hvfznDZhN76U95LnHmKaHnCiOsraNy39I_ecX4u4KcvtNanEkUz2fQQ-ArQdasfld66xQITqTh9vtro0WFN3PXfdw9QTLtLQa_tnHHGfrK_fwbCUNIWg3oTkQexgEAFMBqboiJgfeApOu41X6JGEqN80t29duwIGPqHvFTw; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.12356123.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.accessToken=eyJraWQiOiJMeXJwRWpveDVWNmN6UVRKcU9GTGIrK2dPUkJ0V0d1eGRreUgyb2hIMWdJPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJiNmRjOTQ4ZC1hMmMwLTQ3ZGUtODZlZS0xZDBhZmUwYjBlNWYiLCJldmVudF9pZCI6IjNlZmNlOWE5LWQ0YzQtNDRjNi05OTlhLWNjOThhYjk1ZDIyNiIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJhdXRoX3RpbWUiOjE1ODg4MzM3MzksImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5hcC1zb3V0aGVhc3QtMS5hbWF6b25hd3MuY29tXC9hcC1zb3V0aGVhc3QtMV95NDJxMERLQngiLCJleHAiOjE1ODg4MzczNDEsImlhdCI6MTU4ODgzMzc0MSwianRpIjoiMmI3NzVjZDUtNzEwNC00MDI1LWI4NTgtZjNmZmMzY2QxZjk1IiwiY2xpZW50X2lkIjoiMnMza2NvcGIzZDgyaWhtbHVkOXYwM3VrOWgiLCJ1c2VybmFtZSI6ImI2ZGM5NDhkLWEyYzAtNDdkZS04NmVlLTFkMGFmZTBiMGU1ZiJ9.AU4sY8eBzGcwYoVbgFNRU9slNCjB-ye3BLOPpYS6Ukh2rUsVkBrLAlN78KMUyzkvDdZudmjyXSsUpxD5U7TtXc9_aCQoTFVGNUHqJktLvaHdVFOqGqFaeAssgjr0jdfwTpqYoeTxrkVw_VILAKLqjYuF78Q1fHy6Ykf-qpvThZeDl-WRvlUM3R3eJIc4nPkKsAF-SqAnh6gSIwqYg_GaNiLHK3mZQyfJsHAlElzTaQR35U8phaG2k86B4bvsiv-qLB-0R3Lse74F5_OOjA877I147nVwBme3OPmGx8YEhiQaPZejPS_dTWuKa1M-m9_1HWejHi52n0XJtPQk9rtalg; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.gjrwiogjoiwjrgoijr.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.refreshToken=eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.Cuv3NiuNTM2TUkDoLrUSuuqn4hOugKvb7C8NRbsGtP39VDFZRY73UC4wPX5Dhyv9mELeYPjsXzZ_Pqa-GiipvshJ3M-NQBFL6ea89F5p2C-0pgEj58DtM_YttneO6u_L5mHSIbR_-KlF95L4vp_WSu6OPp4c9rB78bRXQgYsw__Fh0l2wW7DEA53dtdaIAIYgkycpheWZ6oxkNsWPgX6JHaGR-DHholSczrLBN7HxjX7SkP1-o3vuREONyHw6m6tIrafzhz1U0TI-esGVFtos-TIPn5tj8dRJShzXNx4GJ0JKlXvsH_gWsW3uu2Xv7IBw9ajRGu0h7Gw_WBcnqDIwA.X4BnP9tyAA9KQy_J.omGVMde79xoCXPlrcqPjyxIzTbcDoUk8n2W4JBwpv2w0bC2YcpLQCUnNhUl7nHObh67uUPxIQWisVU_xGPi3Ummfw3sCG34c5q-xOuV23QnUFi-2c4Oog9rty49fiowJJODi-htGS5G2f5g7oPhGPNqfmOV5y0lpw3dQglceMArmDAl1pr3B2v2Ao3aywZVqVQMdlQBYbW-Wd1aEWI7Zg_VUggsy8XzN7muQJ00KOZ-PP9ahtyhEvWcp8blHmmwUw_DsgDHaKdFapzDH6blcN2mSCRu495HGNIVtxUPykYpA7EiArFefj_QUDmyWwQ2ls2WbyNyRztTMK5pdVdVkNbmpcuNg5MOTF_nCk6pUa06msoTTR7Y_5ED4TclURadKcJeit2RztNlnlOOfFigLwxi2GJUR9kn4YJeEeMVQgGaVQ7qRD_9je83GH82MQG7q-tM9UWwUDn7NlnUb0T6VBuKGpr2EwEfbRKC6OJCE9mXwCZXwyh-JYxaDtg6Ti4O6Gj83135vYMLegOO40cOafXh_ZlVqc0Eix5-3doNCuWA4cDP4qbS1kRzOMiDc7RVL4DkzhTdsPOb322wyN8H4Yf1wdlONeov2WmnJKQjGYPx5wpCF8QX7QiRqqCzvWKNQmLckcnHgaZAs-bwpANze9k8SX1PDBukU59_KCEyXmFizdCzqHJO_7GZ1dNMaQcgPl0vC3DauwbBW3xG9WkNYN7I6tYJBqn5oCEBqgobaEh5H-gAMbu2FFhHcK5QLB2P8Sv5kzZ_JorRU_EJk22I171ZECnE29QXuNs3K-6-J4jUiyMbkp4CIrmVDuoA0DfOnkWqRCyzBR7LwatnoWiTyWfmXXfZ57I4R2-Pp-bNHmAymFDpnDauhLn-nVrii1qIzaL91i4pUN092mCHBWqHGH1d0wAzaiPF_ILjlLZsgJ6He__QhOBkmtiHSlBsr_NP2xlOs5zVcIzt3CAU03tOyTH6ZQAuMU9UtzngceXqfUU-cGMeve7xrg88gsT7Y8GYUAAvy93b3mK01rh68WMERbZNdWeF0145FSgv8MKyN_qTnHfQoyDUhA1D33ulyhQ1UtXnrXeowa8AqXrMEV_BSTD61KNNvdcPKbGzp4BXT-_rHG4ADakLkv6Btz9BW2IEUPGT6EDjU_Rrbeo1lEaT_Dj3p4CICuua6jGOA-q90nvb4lsJMox3ol7HyjbxIz9bk5Uo3YXVs2PRA-BWUTL6cFvTpbxBA_2ctZOlICG7vBHCJ1GBBBuqS4yPjFK7tsZNKz39Di2pBDytXGmb7Wdrgo6NJsLRVb3Y-NrqLbPPkhZpiJE1HFxLz4SkWrV48AtmU_xYJI-VGjExXVQ.gtePqBhQL6kkhElYPYwv0A; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.gjrwiogjoiwjrgoijr.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.clockDrift=-37; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.gjrwiogjoiwjrgoijr.LastAuthUser=b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.gjrwiogjoiwjrgoijr.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.userData={%22UserAttributes%22:[{%22Name%22:%22sub%22%2C%22Value%22:%22b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f%22}%2C{%22Name%22:%22email_verified%22%2C%22Value%22:%22true%22}%2C{%22Name%22:%22email%22%2C%22Value%22:%[email protected]%22}]%2C%22Username%22:%22b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f%22}; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.gjrwiogjoiwjrgoijr.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.idToken=eyJraWQiOiJIMWZXdGRFZjBoRnpqNWRGWmF2aEdwb3VkWGJcL2dOY1lGN1JmTWpDU0d5dz0iLCJhbGciOiJSUzI1NiJ9.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.pfMH7XIe0Fj7xoC74_mMGNJ8zlvaeRrjTXVHn5ctssC4PIEtPVI2_2VKIC7FpVwyXV7m42QvObzSOX_bMAiECD3_HaXX-yYhc_FxKJdNJ0H5Rp4dVcnFivBJ1coy3Nj_9VUCrGkiASSJl0iEwhAZpe8ZVp1u_bZ94v5nkXiJOg0MKT8hvfznDZhN76U95LnHmKaHnCiOsraNy39I_ecX4u4KcvtNanEkUz2fQQ-ArQdasfld66xQITqTh9vtro0WFN3PXfdw9QTLtLQa_tnHHGfrK_fwbCUNIWg3oTkQexgEAFMBqboiJgfeApOu41X6JGEqN80t29duwIGPqHvFTw; expires=1589438947369; path=/; domain=localhost;"
document.cookie="CognitoIdentityServiceProvider.gjrwiogjoiwjrgoijr.b6dc948d-a2c0-47de-86ee-1d0afe0b0e5f.accessToken=eyJraWQiOiJMeXJwRWpveDVWNmN6UVRKcU9GTGIrK2dPUkJ0V0d1eGRreUgyb2hIMWdJPSIsImFsZyI6IlJTMjU2In0.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.AU4sY8eBzGcwYoVbgFNRU9slNCjB-ye3BLOPpYS6Ukh2rUsVkBrLAlN78KMUyzkvDdZudmjyXSsUpxD5U7TtXc9_aCQoTFVGNUHqJktLvaHdVFOqGqFaeAssgjr0jdfwTpqYoeTxrkVw_VILAKLqjYuF78Q1fHy6Ykf-qpvThZeDl-WRvlUM3R3eJIc4nPkKsAF-SqAnh6gSIwqYg_GaNiLHK3mZQyfJsHAlElzTaQR35U8phaG2k86B4bvsiv-qLB-0R3Lse74F5_OOjA877I147nVwBme3OPmGx8YEhiQaPZejPS_dTWuKa1M-m9_1HWejHi52n0XJtPQk9rtalg; expires=1589438947369; path=/; domain=localhost;"
Edit:
It's only happening on CloudFront distributions.
I deployed my website with serverless-next.js, and it might be that CloudFront denies requests with large cookies.
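The reproduction above plants two complete Cognito cookie sets under different client ids. The following diagnostic is an added example (not code from the Amplify project or from anyone in this thread) that makes that state visible before it turns into a 431: it parses a Cookie header or `document.cookie` string, groups the Cognito cookies by the client id embedded in their names, and compares the total header size with a byte budget (defaulting to the 16 KB Node limit mentioned later in the thread). The sample cookie string and the client ids `clientA`/`clientB` are constructed for the example.

```javascript
// Added diagnostic, not code from the Amplify project or from this thread:
// parse a Cookie header / document.cookie string, group the Cognito cookies by
// the user-pool client id embedded in their names, and compare the total size
// with a header budget. In a browser run auditCookies(document.cookie); on the
// server, feed it a Cookie header captured from a rejected request.

const HEADER_BUDGET_BYTES = 16 * 1024; // Node's default --max-http-header-size
const COGNITO_PREFIX = 'CognitoIdentityServiceProvider.';

// "k=v; k2=v2" -> [{ name, value }]; values may themselves contain '='.
function parseCookieString(cookieString) {
  return cookieString
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf('=');
      return eq === -1
        ? { name: part, value: '' }
        : { name: part.slice(0, eq), value: part.slice(eq + 1) };
    });
}

// Byte length of the header exactly as the browser would send it: "a=b; c=d".
function cookieHeaderBytes(cookies) {
  const header = cookies.map((c) => `${c.name}=${c.value}`).join('; ');
  return new TextEncoder().encode(header).length;
}

// Cognito cookie names look like CognitoIdentityServiceProvider.<clientId>.<user>.<tokenType>
// or CognitoIdentityServiceProvider.<clientId>.LastAuthUser, so the segment right
// after the prefix is the client id. More than one client id means a stale set.
function groupByClientId(cookies) {
  const groups = new Map();
  for (const { name, value } of cookies) {
    if (!name.startsWith(COGNITO_PREFIX)) continue;
    const clientId = name.slice(COGNITO_PREFIX.length).split('.')[0];
    const entry = groups.get(clientId) || { count: 0, bytes: 0 };
    entry.count += 1;
    entry.bytes += cookieHeaderBytes([{ name, value }]);
    groups.set(clientId, entry);
  }
  return groups;
}

function auditCookies(cookieString, budgetBytes = HEADER_BUDGET_BYTES) {
  const cookies = parseCookieString(cookieString);
  const groups = groupByClientId(cookies);
  const totalBytes = cookieHeaderBytes(cookies);
  return {
    totalBytes,
    overBudget: totalBytes > budgetBytes,
    clientIds: [...groups.keys()],
    staleSessionSets: groups.size > 1,
    perClient: Object.fromEntries(groups),
  };
}

// Constructed sample: two client ids for the same user, the situation left
// behind when a user pool is recreated, with token values padded to a
// realistic size (real JWTs are base64url, so ASCII like this padding).
const SAMPLE_COOKIES = [
  `${COGNITO_PREFIX}clientA.user-1.idToken=${'x'.repeat(900)}`,
  `${COGNITO_PREFIX}clientA.user-1.accessToken=${'y'.repeat(900)}`,
  `${COGNITO_PREFIX}clientA.LastAuthUser=user-1`,
  `${COGNITO_PREFIX}clientB.user-1.idToken=${'x'.repeat(900)}`,
  `${COGNITO_PREFIX}clientB.LastAuthUser=user-1`,
  'unrelated=1',
].join('; ');

console.log(JSON.stringify(auditCookies(SAMPLE_COOKIES), null, 2));
```

A `staleSessionSets: true` result with two client ids is the signature of the recreated-stack case described above; a single client id that is nevertheless over budget points at token size (claims and user attributes) rather than accumulation.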
Hey guys,
Library versions from NPM:
"@aws-amplify/auth": "^3.2.9"
"@aws-amplify/core": "^3.2.9"
Approximately 21 KB of cookies, over the default limit of 16 KB (for Node 14.x).
We are experiencing the same issue. I have a CRA app which manages authentication via Cognito using @aws-amplify/auth. Our API is hosted on AWS Fargate behind an ELB, where the ELB seems to bounce some requests with a 431 reply.
I have seen the same behavior with localStorage (2 sets of Cognito records at the same time)
We opened a support ticket because of this issue with AWS over a month ago, they have acknowledged the problem but the solutions they have provided don't solve our multiple subdomains in combination with multiple IAM groups situation.
@ryanvade Would you be able to elaborate on the solution they suggested?
@gerbyzation the solution AWS provided was to use localStorage. Of course localStorage is not available across domains, so it doesn't work for our use case. They also pointed us to this page in the documentation: https://docs.amplify.aws/lib/auth/manageusers/q/platform/js#managing-user-attributes and basically said implement the storage yourself, which also doesn't help with our use case.
This is tricky for sure, but there's not much we can do on the library side to solve this without impacting existing usage patterns.
For example, SSR support (#6146) required having an allowlist of which credentials to persist in cookies, to avoid 431 errors due to size.
One of our engineers was able to _further_ reduce this size by suppressing claims in the token:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html#aws-lambda-triggers-pre-token-generation-example-1
Some values were duplicated in storage, so we forced de-duplication by ensuring Auth.signOut() was called before Auth.signIn(). (Our test had a permanent "Sign in" button, which is how we discovered duplicate credentials)
Further still, we investigated a custom storage adapter (similar to what I used in #6146) that compressed the keys/values before setting & decompressing when retrieving:
https://docs.amplify.aws/lib/auth/manageusers/q/platform/js#managing-security-tokens
Sharing credentials across multiple domains is tricky: cookie storage _can_ work, but has upper bounds that trigger 431s that are difficult to shrink down.
In our testing, these techniques were sufficient to cut our cookie values down to ~40% of what they were before and avoid 431 errors.
Hopefully one, some, or all of these tactics get the cookie size down as well 🙏
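The comment above describes three mitigations: an allowlist of which credentials go into cookies, de-duplicating stale entries, and a custom storage adapter passed to Auth.configure. The adapter below is an added example, not Amplify's own code and not the adapter the commenter built; it combines the first two mitigations in one storage object. It keeps every key in memory, persists only an allowlisted set of token types to cookies, refuses a write that would push the Cookie header past a byte budget (so the failure is logged at write time instead of surfacing as a 431 on another host), and deletes Cognito cookies left under a previous user-pool client id. The `CookieJar` class, the `clientId` constructor argument and the default allowlist are assumptions of this example; the jar stands in for `document.cookie` so the block runs under Node.

```javascript
// Added example, not Amplify's own code and not from any commenter here: a
// storage adapter for Auth.configure({ storage }) that keeps every key in
// memory but persists only an allowlist of token types to cookies, refuses a
// write that would push the Cookie header over a byte budget, and deletes
// Cognito cookies left behind under an earlier user-pool client id.
// CookieJar is an in-memory stand-in for document.cookie so this runs under
// Node; in a browser, back it with document.cookie (domain=example.com for the
// cross-subdomain case) instead.

const COGNITO_PREFIX = 'CognitoIdentityServiceProvider.';
const DEFAULT_BUDGET_BYTES = 16 * 1024; // Node's default header limit

class CookieJar {
  constructor() { this.store = new Map(); }
  set(name, value) { this.store.set(name, value); }
  get(name) { return this.store.has(name) ? this.store.get(name) : null; }
  remove(name) { this.store.delete(name); }
  names() { return [...this.store.keys()]; }
  // The Cookie header the browser would send with every request to the domain.
  header() { return [...this.store].map(([k, v]) => `${k}=${v}`).join('; '); }
  bytes() { return new TextEncoder().encode(this.header()).length; }
}

class BudgetedCookieStorage {
  constructor({ jar, clientId, persist, budgetBytes = DEFAULT_BUDGET_BYTES }) {
    this.jar = jar;
    this.clientId = clientId; // the app's own user pool web client id (assumed known from config)
    // Which token types may go into cookies. The allowlist is a hypothetical
    // choice; userData is left out because it is the largest non-JWT value.
    this.persist = new Set(persist || ['idToken', 'accessToken', 'refreshToken', 'LastAuthUser', 'clockDrift']);
    this.budgetBytes = budgetBytes;
    this.memory = new Map();
    this.pruneOtherClients();
  }

  // Remove Cognito cookies written under a different client id (for example
  // after the stack was recreated); otherwise they accumulate until a 431.
  pruneOtherClients() {
    const mine = `${COGNITO_PREFIX}${this.clientId}.`;
    let removed = 0;
    for (const name of this.jar.names()) {
      if (name.startsWith(COGNITO_PREFIX) && !name.startsWith(mine)) {
        this.jar.remove(name);
        removed += 1;
      }
    }
    return removed;
  }

  // The token type is the last dotted segment of the key, which still holds
  // when the username itself contains dots (an email address, say).
  shouldPersist(key) {
    return key.startsWith(COGNITO_PREFIX) && this.persist.has(key.split('.').pop());
  }

  // Amplify storage interface: setItem / getItem / removeItem / clear.
  setItem(key, value) {
    this.memory.set(key, value);
    if (!this.shouldPersist(key)) return;
    const previous = this.jar.get(key);
    this.jar.set(key, value);
    if (this.jar.bytes() > this.budgetBytes) {
      // Roll back and fail here, where it can be logged, instead of with a 431
      // on the next request to another subdomain.
      if (previous === null) this.jar.remove(key); else this.jar.set(key, previous);
      throw new Error(`cookie budget of ${this.budgetBytes} bytes exceeded writing ${key}`);
    }
  }
  getItem(key) {
    // Cold start on another subdomain: memory is empty, so fall back to cookies.
    return this.memory.has(key) ? this.memory.get(key) : this.jar.get(key);
  }
  removeItem(key) { this.memory.delete(key); this.jar.remove(key); }
  clear() {
    for (const key of this.memory.keys()) this.jar.remove(key);
    this.memory.clear();
  }
}

// Constructed scenario: a stale cookie from an old client id is already in the
// jar when the app boots with the new client id and a deliberately small budget.
function demo() {
  const jar = new CookieJar();
  jar.set(`${COGNITO_PREFIX}oldClient.user-1.idToken`, 'stale-token');
  const storage = new BudgetedCookieStorage({ jar, clientId: 'newClient', budgetBytes: 2000 });
  storage.setItem(`${COGNITO_PREFIX}newClient.user-1.idToken`, 'i'.repeat(800));
  storage.setItem(`${COGNITO_PREFIX}newClient.user-1.userData`, '{"UserAttributes":[]}');
  let rejected = false;
  try {
    storage.setItem(`${COGNITO_PREFIX}newClient.user-1.refreshToken`, 'r'.repeat(1500));
  } catch (e) {
    rejected = true;
  }
  return {
    cookieNames: jar.names(),
    cookieBytes: jar.bytes(),
    rejected,
    userDataInMemory: storage.getItem(`${COGNITO_PREFIX}newClient.user-1.userData`),
  };
}
// Wiring in an Amplify app (hypothetical): Auth.configure({ storage: new BudgetedCookieStorage({ ... }) })
```

Keeping `userData` out of cookies trades header size for a round trip when the next subdomain needs the attributes, which is the same trade the pre-token-generation Lambda makes for claims; the budget check is what turns a silent accumulation into an error you can alert on.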