Framework: CookieSessionHandler fails with large cookie values

Created on 25 Feb 2017 · 8 Comments · Source: laravel/framework

  • Laravel Version: 5.0
  • PHP Version: any
  • Database Driver & Version: any

Description:

Using the cookie session driver:

'driver' => env('SESSION_DRIVER', 'cookie'),

Try storing a large value

Session::put('some_key', str_repeat('1', 5000));

There is an HTTP browser limitation of 4k per cookie. Laravel will output the cookie, but it's too large for any browser to store.

All 8 comments

The only solution I can think of is moving away from the cookie session driver to something else. This is not really something that can be fixed, it's a browser limitation.

I was able to solve the problem by modifying the cookie session driver to split the data into multiple cookies. I did this on 5.0 and we are in the process of upgrading to 5.4 (there is currently a conflict in 5.4). If it's something you would be interested in merging into the project, I can update the code to do the same with the 5.4 handler. There is still a browser limitation that needs to be addressed with some sort of exception IMO, both a max cookie num and max combined cookie size.

Splitting the data over several cookies will still hit a limit later on. Testing my current browser, Chrome 58, at http://browsercookielimits.squawky.net/ shows that I can have at most 180 cookies á 4kb (=720kb) per domain. The page lists IE 8-11 as 10234 max _characters_ per domain.

These numbers include any other cookies you may also have; remember me, tracking, etc.

The conclusion of that page:

If you want to support most browsers, then don't exceed 50 cookies per domain, and don't exceed 4093 bytes per domain (i.e. total size of all cookies <= 4093 bytes).

Yeah, you're right. And after further testing, it seems like some browsers like Safari (desktop and mobile) have a limit of about 8k total, and so does AWS's HTTP2 header. A maximum length with an exception would still be helpful, otherwise someone using session cookie storage could set some data only to have it disappear without a trace or warning.
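
The size check with an exception that the comments above ask for, as an added example that is not part of the original thread and not Laravel's own code. The function names, the `app_session` cookie name and the base64 stand-in encoder are assumptions; the 4093-byte limit is the per-cookie figure quoted in the thread.

```php
<?php
// Added example; function names and the encoder are hypothetical, not Laravel's API.

const MAX_COOKIE_BYTES = 4093; // figure quoted in the thread

final class SessionCookieTooLarge extends RuntimeException {}

/** Size of "name=value" as it would appear in a Set-Cookie header. */
function cookiePairBytes(string $name, string $encodedValue): int
{
    // Cookie values are URL-encoded on the wire, so measure that form.
    return strlen($name) + 1 + strlen(rawurlencode($encodedValue));
}

/**
 * Encode session data and refuse to emit it when it would not fit.
 * $encode stands in for whatever the driver does (serialize, encrypt, sign).
 */
function encodeSessionCookie(string $name, array $data, callable $encode): string
{
    $value = $encode($data);
    $bytes = cookiePairBytes($name, $value);
    if ($bytes > MAX_COOKIE_BYTES) {
        throw new SessionCookieTooLarge(sprintf(
            'Session cookie "%s" is %d bytes, limit is %d; use a server-side driver.',
            $name, $bytes, MAX_COOKIE_BYTES
        ));
    }
    return $value;
}

// Stand-in encoder: base64 alone inflates the payload by about one third,
// so the raw data size underestimates what the browser receives.
$encode = fn (array $d): string => base64_encode(serialize($d));

// Constructed inputs: a small flash message, then the 5000-byte value from the report.
$cases = [
    'small' => ['success' => 'Report saved'],
    'large' => ['some_key' => str_repeat('1', 5000)],
];

foreach ($cases as $label => $data) {
    try {
        $value = encodeSessionCookie('app_session', $data, $encode);
        printf("%s: ok, %d bytes\n", $label, cookiePairBytes('app_session', $value));
    } catch (SessionCookieTooLarge $e) {
        printf("%s: rejected (%s)\n", $label, $e->getMessage());
    }
}
```

Measuring the encoded value rather than the raw session data matters because encoding and signing overhead count against the same limit.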

Hello,

I'm reopening this ticket cause I think that Laravel documentation is missing some advice about this configuration option.

Here I'm using version 5.5 and had the same issue. Laravel didn't give me any warning, it simply cuts the session at some point. I didn't even use the session explicitly, but just used withInput() method on route() function, which I suppose uses session internally, like this:

return redirect(route('report',$this->currentRoute))->with(['success' => $message])
            ->withInput();

In this situation, the 'success' message has been cut off when user input is too big.

TL;DR: It took me some time to find what was the cause. So I think some small information/warning in Laravel documentation could be useful, to inform the users that it might be risky to use 'cookie' storage cause of the limits on browsers side.

Regards,

May be best to open this on the laravel/docs repo. You could even send a PR with your proposed changes.

This seems to be quite a constraint. I'm starting to get cut off as soon as a form has 22+ inputs.

I guess the same issue would happen with fewer inputs but larger values.

Wondering if this is something that has been solved in more recent Laravel versions?

No, it wasn't. I just spent the whole night figuring this out. Switching the session driver to "file" solved this. Cookie driver is really crappy tbh, it should not be set by default.
