Framework: [session/auth] 400 Bad Request - Request Header Or Cookie Too Large

Created on 15 Apr 2014  路  7Comments  路  Source: laravel/framework

When using Auth with the remember feature and the driver being cookie, this is the cookie being sent:

remember_82e5d2c56bdd0811318f0cf078b78bfc=eyJpdiI6InNQZUltWm9aZkVSUlhcL25BSDJXUVdLTU96YjR0N1d2KzF0d3V1Q2o3MlZBPSIsInZhbHVlIjoibEJ1dVFvZmNsWVFQWWJObTUzNG1ZNmppWm5OdDlzN3R5amlnekxONTJcL2s9IiwibWFjIjoiNGVkYTg1ZjgwOWYzMmYyZmRhOTIxYWViZDgzNTk5MDZiZDE2OTY3ZDIzNzNmZTE5NjFlMGUxMmRmYjgzMDNkNyJ9; victorious%3AloggedIn=%22%7B%5C%22_v%5C%22%3Atrue%7D%22; b36f97e6055afa3dd0b66e0788498509a79a4e4a=eyJpdiI6IkV1NGpUdXA5Y09vYkRTTng5THUrTDZDandqK0pDNlBucWdPV3dcL2UrWkdJPSIsInZhbHVlIjoia2U3T25vR1BWQ3FBeEs2WjRhMWFtT2JWbUhFaE9XZWlMVHE2Y1B5MHN3WnNOOFdnbUNWKytFUFIxS2MzdTdPZUxSZlN4UmZQZk1XWFhSdG96VVwvWkNqWlV1VDhRc3N2R0t0VWhcL1F1U2p1dmxDT2dCNFFTa1kzVkFWVTQzS1VwTEdYUDVzSVZWNGhsb25YWFBtVGtIQUl3T0RqTkk2d3pxNGhzMXFEUXFDSWhOTko1MHZVc1E2TmpjRWJpcHE0T05vR01ReEhzVEtYb0lcL0F3WXlyWGRObFdoT2xcL3JObkpRRlU2RWNYaDZHeGJSd0tneUVUMWFYNWxIZVVadFo1bE1oaCt5R1FqWGFrekt5eVJkcDczWUlvOTlkWDUrY2ZtNDFpUldxaFZMbHR2TDA4eitOM0V6OGZ3NnVkUW9HY20rb3ZmSkxCbnJudnFYWUFiZ3BDd2gwcEZwUjZrZVlsTzRLNWtPQ2g5SHpmMStTS1V6VzB6MlNURFBZSjZNcmJoVTh0NXJcL2VqeGg1dCtVVTM4ZUNaYzdaQ0RqQlFXVTVJK09qalloSG5hSlZBPSIsIm1hYyI6ImNiZTkyOGJiODM3MmEyODMxMjk2MzBiZjk2YjNhNGEyNWNlYjNjM2UxNGYzM2UxOTBiZDJjZjU5YWMxZjU3NDEifQ%3D%3D; 31cb063136c389865bec977154d8b46c8f9559e6=eyJpdiI6ImNcL1lLODBYQ1hTQVwvVHpXRkhIRGdJNzcxR1hPU29KNEFvYWR1TmlKbWVWYz0iLCJ2YWx1ZSI6IjJ3aFNscWo1emdrTVwvS2JrSmMxaHpQa3pTeEg1ZjFDMVE4WmQ4N0NcL1NqSUFwMWJSaHN3UTBhcllGZ2tkelZ2cXJnSFhLSmtxTFFMUUE3V29xVHUrQVp0UWNwZzJYZGlFcjNrZE8wWUJBQURPRUlCM0NrdHJcL2p1Q1NFWXZ0aEk5anY4dm1oeTA3Z0JSTExIdVwvS20rYnJwNjFSazV4UVJDNGlRR3ViZmNpQzN6cTZpaDZad2dnR2VQZjFvU0QwXC9CV01rUXR3dkF4RWRyXC9QR0FhWG85ME0xMlZpXC9zOFR3OURoOGNlR3ZoNTdSN2x6SnN0WWQ4VzFyMzBBeFEwYWtvWHZsUVJtWldXYTZSazJuWnlzS3hvWmM1TEpUVHVXWEZvN0hBK0Q4UHpURVJvR3QrVVwvbm1oN2tFaVAxcHA2eSt6RUdkd2VBNFYxOVJHU3pvd3EzUGFHZ2VwSnZ5WGI2UkhHRnZ4NVgzSjNjeU9qSlhIT1EwRlwvekk2WVwvQVIyWWVkcHA3VTU1MmZpcmZrYWQ1dEdzUUtTU0ZsbnRQWUFSdmFRZUg2SXNxXC9lND0iLCJtYWMiOiIxNzMxZjY0OTE5ZjM2ZWIwNzRkNDE2NTU3Y2UyZmJmM2FjYWM5YjcyZjlhNWVlOGZlODk5MDc4YTkxYWQ4MDEzIn0%3D; c46f4087bbfec5c678cf06b0338138abb91a5efe=eyJpdiI6InlcL0I1V1RxOWRWVGgrdVhrNlA5WncwVktaY21udUxiQ0VVZzEyVkRaNXRVPSIsInZhbHVlIjoiWWtkMEJxNWRHTTBZbXZHVzlzMWc0ajFsNUxxUjRwdGdJMkxPc0FuWlRkSVhZZ0hCRnRERFRzRmpXb1puUDYxSnMyRkpVZzJTZXNob1g2WXpYNlVKXC9CaTBaTURqRWZBUm54bkpQRVM5bkpYREttR2ZEajVLWm0yd2JSa3BJNEdXVXBIVkJ5eGs5U29raWd1M3JDR0FiVUJLeWQ5SlJ6TVBKZ3lIMVhGN3BkaGViQVwvZk52R2VwZUw4bVAwTFp6Nk5HbUlRYlRWQ05VaWlZeWphU1d2a0FjVU5WdU45YVA1NGtcL0V5WEJKRk1zU0x3dzJpeldLQlNcL0lRaVwvdGdyTXJiN1RHaUdIcllmcUFnVzNqeDRFNFM0OFJyc3RjdGhOUTlob1NMSE00XC9iZzlHNlRHTTBVWkcraCt1SDU0Sks1NkhUekVsdjV4eFl2cUh5MmxnZG5yb3dnT2ZpazJkQXdoeE45cTRXaG1KcnFrYXo5cTRhZmtRdnZkWGNMREhwMGNmXC84T1R4T08yS0xUOHpEeVV3SmRmSG9cL1pITkkxK2g5ZkVUdml5ZVkzQXlRPSIsIm1hYyI6IjIyYzBiNmM3ZmFmZmI1MTkwMDNlYTliYTFmNDk3NTAxNjA3YmFmYzE1YTkxNzMyM2Y5NDI5NWNlZmE0NTNiOTYifQ%3D%3D; a867668f446f10077d06f92e8e1f12dbf90acfaa=eyJpdiI6Iks3dytZM2ZvcDNOc1pIMk91R2JrSTEzSHlPNXFvc3hxMlpcL21nYlQyMmMwPSIsInZhbHVlIjoiUEpmY2k4M0k1NEhZMEdEdGpKaDNJQzRNS2VLN2lwZjFndDdxUHZ2ZnNqdXBkaHM0RFFTeTRrRTE2REFjbVdVY0FPckJOa1J5d2lXS3NwNXVNU282N3BBQVNpYmg4NFJmdTI5Y3o1Z0N2N09TSkR4VXVNY1RaWW9GV2JsOWJqVDBJVWtVYVNvVEkxb1ZEUWxJa0dZeUxOSW9UTlRiMkVuNk1wQUN6cms4Z1NMSTl4NEp0dmc4SDBrSU1xWktvdnV6aTdMcWRzUWE0Zmh6Y3d0bG1yMlgwRno0RWxSQWU3VmN1OGkxQkNoUHlweUtPdFh1R0JCUGxJTDNcL2sxRnRrYjYyZENiZVNXeGczSDdKRStUc0RcLzBycllETnNQWFwvVWl0NkFOblM1MUdZMUNEZlVoOHZZTklrcmhzZkVyYTM5OHhydGphaWtSTVI1WGJJNDU2UDE0NU1pXC9ENlwvWFNpUHRhaFhcLytpdTJoVXhQVE81R2Y2YzdsS2VcL0hWZTM1QnRwM3l0V3VkT2dQUHNRY1wvMG9IRjM4UlFWcWpnS21pWU0wampCeWxYd3V0VTB3PSIsIm1hYyI6IjgyNTZkM2YyY2QxZTczZDYyZmRhNTRjODA5Y2Y1MTI0ZTA4YWJiZTg2MTlhZDRkZTY2NmIxY2QzNWZiNDY5ZmQifQ%3D%3D; d38922a80839ea245e50b962f971218a6211dcfa=eyJpdiI6InZGZWhNSWQxM203NXZkZlwvUUlJVEZwT1YzVjJTbnRZMFwvdlg4XC85OVZcL3VRPSIsInZhbHVlIjoiWHpBcVRkV2Z1RG4yTmMzMWVKXC93Q0VvZVVWVlVPNFBNb0RTOEJQVnJIS1VubTdMSDZyQ3pjRGlJWU5sMXpcL0p2eTJDTlNtbm1cL1kxUHpyNlBpOUtFTWVWc1kxMEZSbVNHR2VHRXdUbmhOZnRuenFzczhaaVhYYzVaZTFOOFBZMXMzdlVvR3FHb3RHWXFOUnhNZVpOY1E4bU9xWDc4cFVBdUIrOVJtaDRVM05LOWZvU0RnZWNxRnA1RFZvZW5pSFhOZUttRXR4cEs1V0x6TFwvS2JKakNVTlp0MVRNSTZxaHZ6RWNsYndJN2tQV0tobTlwc2poMUMrVHYzVnlQOEdMR2hJaFwvRzVzRmxnOGdacmdZeFlnUnE3U3VtOFc4OFwvYWg4TEtzekwxeHcxVWZzNUw1MmlVQnhTekdTeDdEWlU5OGI2WHJQdzJaSTBZXC9aU0J1eld0R3A1cnNkbjVWOWdVVjViRVd1a25UYlA4ZFRQXC9IV2w1YUtpVXdycDhuaWU1TDMwaW1seVp4eXVmYkRNSHZ5ODlUVFp6akV5Zit0TDVnbVh6bXpzWEZVSEgwPSIsIm1hYyI6IjcxMTQ2MjE1ODFkNjZjZWQ1ZTI1YzYwOGI3ZThiNzBhYzJmYTlhOTZmNTkyOTE0OTY4N2VmYjVmMGNiZWZmMmUifQ%3D%3D; 99f01dc2106adcfdc64c7162783878be92a931db=eyJpdiI6InRcL1d1ZWtkRTdTRFFxT1NyWGRpUk1Oc1Bkekd2ZkZPelFnME1NUGJRbTJvPSIsInZhbHVlIjoiSU5hd1B4bVFDWnkxZE1vU2JJbjRRb0dvXC9JYTh4Z3J4R2tNekZRMkhJMXV2UENpU2hOWkF5emJSRUpwUjhacG9EMmsrYkRsUlNSXC81d1ZhOW9TbTNEUlZZdjdvY1wvWEE4Zm1jWDlLOUdIUldiRlwvcWpKeXlsVSt0bklYY2FcL0J1XC80UEJQSXNaaDBDYVRnbExGUWVVV0dEM3JkMGhnV2RDNjhMNzFuVFIyMzRTdGNKeVVkem00R1VJVEgxcmhScCtqMlplV0oxdmRxcE54em9KQVd1RUxZRFd2T0FHbzEwdUxDRXYySFQrSldJVFdDN0xldmIxK3Y0UkhkS0FoQkNEaWhuR01MaitOMm1lVmR3Qk1laEpRQkI1eWhJQm9qenVocXk0b2RsQXRYT0dNdGNOcHk1ajJ6ajZmWXk4VkxZVFlycXV0ZXZKRTZ0aHVxRFBkTzVud1NPcm9Qb0hFZlhWYnJRZWYyYk5vUG9MSFg2UVVpTmZlbXhESVlZWHQxYWEyUkE4ekk5bE1TcjZHOVhlejFyWTZyY1hva0F2eDNvSDlFR3YzcWl3OUQ4Zz0iLCJtYWMiOiIxMDg5ZDVkZjhiY2FiMWE5ZTMxMTRmNTU1ZmZkMGQxYzVlM2JiOWE1ZGNlYTQxYTRkYzEzMzgxYWZiOWU3OGZiIn0%3D; 15d52114916d5c0f0218a53426d8897ba497f434=eyJpdiI6Ims5YktPR0FnaFRwZ3N2ZU53RjNVbjFFRmdYeFBYbjhVbkxEYzg5cEJSSnM9IiwidmFsdWUiOiJPdE9KWDBRN2RVdVV5QmdlVEViVFFPMHM5ZUF4ZzF5XC9hUU1jUFRBRmUyeUd1ZVlYTGNjMGVpc2pBRGFadHpqRGtVRE9CNkwyaXlweHZ6U2pHS0lSSVBEeFIxck1LTGszXC82QkJncjRWN3pHMzJvMGxzU296bVVWcXZSUjNqdmdRbFBQRHFab1ZpV1VhM1FKakhBWW5GRzNEVlkzajBFQXdDN2xMXC9qSWlWWGxCaHh0dkFKZldDUldGUktwcmc2TVRoVW51ckhjWXNrdmpYNVV5RUR2aisxZ01HXC8xb0RaRVwvQU1ZT09SS01EUlwvRXp0NzlhajhUUVpJVG9FeFwvS0hFUnpvbWhENkNJSGJhSjlpNXR2bDRvdTBKM0F4Q0ZURkN0eXZtODN1VFZ2SUd5WE9RZVZBa1U4MkdTYXhseTVwYVFCa1Ric2FFcCsybHc0SmRnQTl0Qm9SZ1FJMGRFMEorK1dtM2NnYTlXeXlha1lMZkd1c1wvQTE0ZzFFRytNeU95Wkp6dnpWWStvZ3plbHI4VHpFVXVud2xBT1BoTjk4aEoxS3FoODdydGVQYjA9IiwibWFjIjoiNjU2MzI2N2JlMTE4MzliNjU2OTc5MGJkYzU4N2MwY2RiMjgzMDNiNzBmM2RmYzY1YmRlNmQ4MTk4NWY5Njk5NSJ9; bafa843545a0d874ee87d9b5af4f9f8fbbd0377e=eyJpdiI6IitndWZJb2JBMHBFZmt4VCtBWkY3RUNVSVY1Q2JxSWxlWXplc2pFNHJFQUE9IiwidmFsdWUiOiJuelNhb0FydHluVyt6NGJCU2RFYk0xdWg1WXFBQ2VYUlhBUDIwTXhKTG95WHBRTFY2ZGV4bDh5SndEcEFlOWtQU1BHOVJRVFRLNlQ0NzBaNHVIOVZaTlhqbm5FeElFRnhtcFB1RmpneGlwMjd0VlwvOGpmXC9HMHN3NXM5clFQSU5XMDBneVJ2aWppU0ZiSDV6WmtOUWhzOUJkREE3Y080SXFoQ1ZcL3FlWUJEUHBUbXM0SWdXZFh5eXhQdDFYT1wvMDRSQU1DemtieE4yMlVzRVFnbGtEUEt0M0dhV2IrdFwvMkRHbFdMeW9sZldLYzBxSEptT25HT0o2YTV6b0ZuU243Umo1ZjVPUXhiOG0wN2oyRkk3MWhFZ2ltNEYySlZZODU2YnNnNmpMSk1UN01sNlV4S05ZZ1RrNzEzMEpUUjhhN3ByMW5TZlBPWlVJWFkwUWRrOG50dW9JVTJLRjFKQXVzWGlKWUxxY1JSNW9XcGpDVTVjaDNIWjhuXC9haEJsN2tNQzA3QWxiV04rZlwvcHIyTVhRSG41bGQ2S2xVMVViVU85XC9DdmpWMWgyTFhPWFU9IiwibWFjIjoiMjAyMmU3YjA0MGE0NGVjMjQ2ODA5ZjUzMzFhZWU1NjhkOTYyNDNkZTk2OTFkYThlNDIxZWVhZmRjNDRlYTFhYiJ9; 754b077bfde9cb97113257b7bede0cf6ba766ab3=eyJpdiI6IjJrTDFHdEhJNjRrcndTeFpkcE5mRkVCYlFoM1M5aHJOWDFcLzZkandEMWs0PSIsInZhbHVlIjoiSkJaQVwvRkFON0VOTnczZDhycGRpTGZKK2c4aDR4aXM3c2lcL2grSWpDZzdtRFhtZGhsc2tYNHN4MnFmdVZhZVViMzN4UWp2WmR0WWx1QXIxOFI3T0Qxc1JKaFhBUXBWakpLdjR1VWF6Zm1FMFNlVnZrZ2E5ckI3NWhHZGZyTzh0TjFlY2QzTWlQS1VCdTZVZ2R4bVhHNVRSSHdldzJYZVlHUmZYdXpRXC9HQXcrUDZQZ3IxYUpCWGtwQ2g5cnN0WGxhemlGd0tsc1VvU1lOWCt5aUZuM2VhNGxzSk92dGxhZ1lNWmNIRUptNlkrZ1BHYkk0T0EwemtHNVVRclpDeFBFTVdSS3czV29PXC9vSlJudlJGcWtXWWVzT1E2dGd6U1Y1TFN3dkhYb2VHY1dZdm5nWW81d012UlB4YlZMUnRpQVlLZ2VFR3FUak5DV2lIQVBZVk9QU1dXRzFUNmlhWlFRK05PekN0bkFmTUhHRjM5VkVydEFXZHZGUk5pQmtzNzBiemc5b3RQbWkxKzBYVTVLNWtsck9pNkJIZTJDSUJOYlkzeGE2a01UWUt4bk09IiwibWFjIjoiMTg2ZTQ3NzJmYzdkMzVhNTRlNzM0YzBhMmQ1ZWFiNjVjMzZmMmEzZTM0NGVmMmQ5YzExYmY2MWJlNmFmMDc3OCJ9; thevicdev=eyJpdiI6Imc4dGowVlMrNkVPZ0tZR2puQTVpXC92bGlXSTRQOUVhY0JkeThFNjEyWExNPSIsInZhbHVlIjoiUzVcL2ZnXC9pSUxqNHRMTFdEbERCSFZ3TWl1RDFQOWJNN2JEYldrY0RudngwV3dWQjNlcnpqRHRSR0ZETWNlK1pGMFN5T3FCZldCQnp4aWVKTWNNdFBhdz09IiwibWFjIjoiNTI2MjkyOGQ0YWM2ZDU5MTFmOGMzNDg2ODkyN2E0ZWRlZjY1MTQ2ZTU4YjhmNmY1ZThmNWExZmM2MGEzODEwMyJ9; 42f3b7c6806bd40ef1a5272b2c379299c3154a39=eyJpdiI6ImxaeVwvdDFyYzdGelJDbVk5bzFSaTl6XC9Jd0pcL3p4Sm1cL2NNMlVuQXdxYWRFPSIsInZhbHVlIjoiYmxza1o1SGZQWUJsRXdyRFBpdk1pS1c5N1wvQTI1RDFieUVENzNUNFJadTk4RExDV1RLRVg4NTVcL0ppR29FZEx1cjA0OGNtWjNVaGttZEtESk1DYUJadFdVS1wvZzM2SkVvUlNmbW00UzB4MngyNENxWUpRK1FpUXBYd2dFT054ZVJFYWdoMUVpZHpyeWlIV2pZbktKZTJxaUhXTnF1TDVzNHFwR2NpWVRTMTBMTDVvd3FEWUU0Z2pSdk9lQWlsOU1COFBLTVdra0dQVnhOOEZsM0IxNXNjNG8rMlJkOGJuWWJQT0lpUVpcL3hzSERzdE5SMTd3dUhXaGNaUm42RHBvaVwvRjRKR2tSNThcL01XK3RzRFZXXC9sV2hWZTY3ZlJneEhra3RKQzZ3Vzdja1wvVkNzb2JxcjZWSFhIQ1hzQWZsUXBmZmtuMWQ4MHRvVmFDRGc4dkpwbWVYRUNCeTFxYTlBeDFnRllxUzdBREVqUEVGbURybUVjbWNSRUNwVTl1WFhTZnVSRDIxakRXR0haODd2K1VmWWRsNnA3SVFZd3cwalB3TzNVXC8wRHJld3Z6UT0iLCJtYWMiOiJjNGQxOGJjZGIxNjRlY2ZjMjJmMjI5ODA1MTg3ZWM2ZDQzOWM0MWVjZjU3Y2ZkYTQ3MGEwMjk5YTAxODg5YmRmIn0%3D

which is really too large.

picture Mulkave

Most helpful comment

For anybody finding this via Google search for "laravel Request Header Or Cookie Too Large", etc., you can do the following to update Homestead to work with large(r) cookies:

Follow these steps:

  1. ssh into your vagrant box
  2. edit the nginx conf for the site you're working on, in: /etc/nginx/sites-available
  3. edit the file and update/add large_client_header_buffers 4 32k; (updating to 32k worked for me)
  4. save the file
  5. Restart nginx: service nginx restart
picture wuori on 19 Nov 2016
👍13

All 7 comments

Cookies can be up to 4kb right?

taylorotwell picture taylorotwell on 15 Apr 2014

I think so @taylorotwell. Still, that large string does seem like a little bit of overkill, and is pushing right up to the 4k limit.

GrahamCampbell picture GrahamCampbell on 15 Apr 2014

Well its 700 characters, not really "pushing right up to the limit" :)

taylorotwell picture taylorotwell on 15 Apr 2014

we still get this error when we write out any cookies 4.2
it nearly killed our site at a critical time. anyone have any experience fixing this bug? we had to turn off cookies and switch to redis sessions

wolfgangx picture wolfgangx on 8 Aug 2015

For anybody finding this via Google search for "laravel Request Header Or Cookie Too Large", etc., you can do the following to update Homestead to work with large(r) cookies:

Follow these steps:

  1. ssh into your vagrant box
  2. edit the nginx conf for the site you're working on, in: /etc/nginx/sites-available
  3. edit the file and update/add large_client_header_buffers 4 32k; (updating to 32k worked for me)
  4. save the file
  5. Restart nginx: service nginx restart
wuori picture wuori on 19 Nov 2016
👍13

@wuori thanks, it worked

medioseureka picture medioseureka on 2 Apr 2018

@taylorotwell Except there are other cookies like this (Eg the XSRF Token, the session cookie, the passport cookie etc, etc..) They all add up in the end and it's really easy going over the 4Kb limit..

Tofandel picture Tofandel on 24 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

klimentLambevski picture klimentLambevski  路  3Comments
fideloper picture fideloper  路  3Comments
lzp819739483 picture lzp819739483  路  3Comments
kerbylav picture kerbylav  路  3Comments
YannPl picture YannPl  路  3Comments