Reputation: 21
Set-Cookie Header is in the response but browser doesn't set Cookie in next request only in case of nginx router use
Problem: Browser requests which are part of a flow in order as seen via chrome developer tools:
- /request_one GET request with request with some_cookie="abc" and response with some_cookie="def"
- /request_one POST request with request with some_cookie="def" and response with some_cookie="ghi" and a 303 redirect to /request_xxx
- /request_xxx GET request with request with some_cookie="def"
I am trying to find out why did the 3rd request use cookie "def" instead of updated value "ghi"
Key point here is that, it occurs when I go via elastic load balancer and nginx router. Same flow using internal URL without nginx router in-between, works fine
It looks like, before the cookie is set by the response, redirect request is created. This is a normal scenario in my application where I update the cookie and perform redirect-303.
From my finding, increase in cookie size in-turn increases response, What are the nginx configurations affecting the request and response size limits. I don't see any error in nginx error log though
Is there a way to debug from 2nd step response to 3rd redirect request in chrome?
Updating same issue with logs when executed the request via curl this is what I see when ran via curl
Ignoring the response-body
Connection #0 to host application_url left intact
Issue another request to this URL: 'https://application_url/contextpath/request_xxx'
Disables POST, goes with GET
Found bundle for host application_url: xxxxxxxxxxxx
Re-using existing connection! (#0) with host application_url
Connected to application_url (IP_HERE) port 443 (#0)
Upvotes: 1
Views: 2178
Answers (1)
Reputation: 21
Finally found that, it was cookie size which caused the issue. Based on the following site, chrome has limitation up to 4096 and I was passing 4116.
http://browsercookielimits.iain.guru/
Why I got carried away with nginx was that when used via internal url, it worked. But that was not the issue.
So one thing to understand is that chrome does not complain when the cookie size exceeds limit. It just doesn't use it while creating next request
Upvotes: 1
Related Questions
- Set-Cookie response header does not set a browser cookie
- How can I set the request header for curl?
- cURL throw cURL error 7 Connection refused
- Why is a set-cookie header being ignored by browser and the cookies not saved from an Ajax call using fetch?
- What is correct HTTP status code when redirecting to a login page?
- Curl GET request with json parameter
- how to issue a relative url redirect from nginx?
- curl uses POST for all requests after redirect
- How to set cookie with the request using rest assured?