Microsoft-authentication-library-for-js: 431 Request Header Fields Too Large due to msal long cookie send in headers

Created on 27 Feb 2020  路  5Comments  路  Source: AzureAD/microsoft-authentication-library-for-js

Please follow the issue template below. Failure to do so will result in a delay in answering your question.

Library

Framework

React v16.6

Description

Due to loo long cookie send in request header azure webapp returning 431 error ie request headers field too large. After looking into the issues found that cookie send in the header is too long causing this issue.

cookie shown in request headers(in chrome network tab) contains a long info about msal as follows.
It contains msal login urls, client-info, nonce, authority and many other thing prefixed with msal.

I think cookie sent as header contain duplicate info about msal.....

Configuration

const config = {
      auth: {
        clientId: process.env.REACT_APP_EnterpriseADAppClientID,
        redirectUri: redirectUri,
        postLogoutRedirectUri : redirectUri
      },
      cache: {
        cacheLocation: "localStorage",
        storeAuthStateInCookie: true
      },
      system: {
        logger: logger,
        tokenRenewalOffsetSeconds: 300
      }
    }

Browsers

Chrome

bug duplicate known-issue
Source
picture AbhaysinghBhosale

Most helpful comment

Even after updating to latest version getting same issue, Cookie size in the request header is still the same

picture AbhaysinghBhosale on 18 May 2020
👍2

All 5 comments

@jasonnutter is there any workaround for this? or it will be fixed in any new version of msal ?

If this issues with long cookie is due to acquireTokenSilent which creating duplicate/long cookie. Because if its the reason i can disabled acquireTokenSilent calls.

AbhaysinghBhosale picture AbhaysinghBhosale on 28 Feb 2020

@AbhaysinghBhosale Not yet, we are planning to have a fix soon.

jasonnutter picture jasonnutter on 2 Mar 2020

This is serious issue because all requests going to app will be failing with the same 431 error. We fixed this in our case by specifying
cache: { storeAuthStateInCookie: false }
in MSAL configuration. We could do it because we do not support IE anymore and rely on localStorage for caching tokens.

AndreiZe picture AndreiZe on 2 Mar 2020

Closing as duplicate, tracked in #1188

jasonnutter picture jasonnutter on 2 Mar 2020

Even after updating to latest version getting same issue, Cookie size in the request header is still the same

AbhaysinghBhosale picture AbhaysinghBhosale on 18 May 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ninio picture ninio  路  3Comments
lecaillon picture lecaillon  路  3Comments
sameerag picture sameerag  路  3Comments
ArneMancofi picture ArneMancofi  路  3Comments
baltuonis picture baltuonis  路  4Comments