Unexpected end of file. Following elements are not closed: Cookie, SecurityContextToken. Line 1, position 2998

Question

I have implemented ADFS authentication for an asp.net 4.0 application. I have hosted the application in the production environment with webfarm configuration. The website works well and all the images are rendered properly in the IE8 browser. But when I tried to browse the application in the Safari browser the website does not works some times and the images are also not rendered properly.

By using Fiddler I found that the sometimes that images are not rendered properly and it comes with the following error :

Exception information:
Exception type: XmlException
Exception message: Unexpected end of file. Following elements are not closed: Cookie, SecurityContextToken. Line 1, position 2998.

Thread information:
    Thread ID: 12
    Thread account name: CT\acmeweb
    Is impersonating: False
    Stack trace:    at System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader, String res, String arg1, String arg2, String arg3)
   at System.Xml.XmlExceptionHelper.ThrowUnexpectedEndOfFile(XmlDictionaryReader reader)
   at System.Xml.XmlBaseReader.MoveToEndOfFile()
   at System.Xml.XmlUTF8TextReader.Read()
   at System.Xml.XmlDictionaryReader.ReadContentAsChars(Char[] chars, Int32 offset, Int32 count)
   at System.Xml.XmlBaseReader.ReadBytes(Encoding encoding, Int32 byteBlock, Int32 charBlock, Byte[] buffer, Int32 offset, Int32 byteCount, Boolean readContent)
   at System.Xml.XmlBaseReader.ReadContentAsBase64(Byte[] buffer, Int32 offset, Int32 count)
   at System.Xml.XmlDictionaryReader.ReadContentAsBytes(Boolean base64, Int32 maxByteArrayContentLength)
   at System.Xml.XmlDictionaryReader.ReadContentAsBase64(Int32 maxByteArrayContentLength, Int32 maxInitialCount)
   at System.Xml.XmlBaseReader.ReadContentAsBase64()
   at System.Xml.XmlDictionaryReader.ReadElementContentAsBase64()
   at Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
   at Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver)
   at Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie)
   at Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken)
   at Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

I then tried to follow the below mentioned link :

http://social.msdn.microsoft.com/Forums/en/Geneva/thread/ea00ec3f-ebdf-427c-929f-d4a196650552

But it also did not worked for me. I then tried to stop one server in the webfarm configuration and then found that the website is working fine in the IE8 and Safari browser. In IE8 browser it works all time and all the images are rendered properly but the Safari browser does not in case when both the servers in the webfarm are turned on.

On analysis I found that from ADFS I am getting some claims information in the form of cookie and the cookie length is more. For IE8 browser the cookie length is more and for Safari the permissible limit is 4097 characters.

Hence I thought of maximizing the limit of cookie for the Safari browser.

Can anyone please help me out to resolve this issue by providing any code sample.

Thanks & Regards, Santosh Kumar Patro

Answer 1

The problem is now solved by enabling persistent cookies (Sticky Sessions) on the load balancer in the webfarm scenario.

Answer 2

I handled this issue by reducing the number of claims that are returned from STS. This will reduce the size of the cookie. I deduced another means to grab the data i needed via a service that i implemented.