
Cookie data size exceeds 4K - But it's 'only' 1100 bytes encrypted

I have a Sinatra app using Rack::Session::Cookie

use Rack::Session::Cookie, :key => 'my.key',
                           :path => '/',
                           :expire_after => 3600, # In seconds
                           :secret => 'something'

I have one place in the session where I set the data, and I do a dump of the session, which is about 600 bytes, right before the erb call:

  puts "session is #{session.inspect}" # ==> 400 bytes of text

Then I get

Warning! Rack::Session::Cookie data size exceeds 4K.
Warning! Rack::Session::Cookie failed to save session. Content dropped.

Funny thing is, it all seems to be working, in that everything I set on the session comes back to me on the next hit. The session size as reported in the Safari development window is 1195 bytes, and it all looks encrypted, etc.

Any ideas on how this could be happening? It appears that the message is spurious, but looking at the Rack::Session code, it appears that something is being dumped...

asked Feb 29 '12 23:02

Tom Andersen



1 Answer

Fred is right. session.inspect is not going to show you the exact size of the cookie string length. You could use tcpdump to get a better idea of its size:

tcpdump -s 1500 -A host <host> and port <port>

Then make the request and check out the actual ASCII dump of the cookie data.

lal00 is likely onto the real underlying issue.

answered Sep 30 '22 10:09

Wedge Martin
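
To see offline why session.inspect understates what ends up in the cookie, the sketch below (an added example, not code from the question, the answer or Rack itself) measures a session at each stage of serialisation. It assumes the scheme older Rack::Session::Cookie releases used with :secret (Marshal, then Base64, then an HMAC-SHA1 suffix, so the value is encoded and signed rather than encrypted); `cookie_payload`, `size_report`, the constants and the sample sessions are constructed for illustration.

```ruby
require 'openssl'
require 'uri'

COOKIE_LIMIT = 4096 # bytes, the threshold named in the warning

# Assumed serialisation (older Rack::Session::Cookie with :secret):
# Marshal.dump -> line-wrapped Base64 -> "--" + hex HMAC-SHA1 of the Base64.
def cookie_payload(session, secret)
  data = [Marshal.dump(session)].pack('m')
  mac  = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
  "#{data}--#{mac}"
end

# Compare what session.inspect suggests with what is size-checked and sent.
def size_report(session, key, secret)
  payload = cookie_payload(session, secret)
  # URL-escaping approximates what happens when the cookie header is written.
  on_wire = "#{key}=#{URI.encode_www_form_component(payload)}"
  {
    inspect_bytes: session.inspect.bytesize,
    marshal_bytes: Marshal.dump(session).bytesize,
    payload_bytes: payload.bytesize,
    on_wire_bytes: on_wire.bytesize,
    dropped:       payload.bytesize > COOKIE_LIMIT - key.bytesize
  }
end

# Constructed sample data, not the asker's real session.
SMALL_SESSION = { 'session_id' => 'a' * 64, 'user' => 'tom' }.freeze
LARGE_SESSION = {
  'session_id' => 'a' * 64,
  'notes'      => Array.new(50) { |i| format('note-%03d-', i) + 'x' * 50 }
}.freeze

if __FILE__ == $PROGRAM_NAME
  # Key and secret are the values from the question's configuration.
  [SMALL_SESSION, LARGE_SESSION].each do |s|
    p size_report(s, 'my.key', 'something')
  end
end
```

For the large sample the inspect output is well under 4096 bytes while the signed Base64 payload is over it, which is the condition that triggers the warning.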