Cookiemonster - eats cookies

Problem: Domain cookies can accumulate in web browsers, and then become larger than what web services allow.

This can happen naturally. For example browse WCMS sites without ad block and then check howmany Google Analytics "_ga" cookies you have.

Indicators errors that your web browser may be suffering from too many cookies:

This website tries to mitigate the issue by providing instructions and a service: https://cookiemonster/eat

How to use this service

  1. Detect large header cookies in your http server
  2. Redirect to cookiemonster to eat (with a callback)
  3. Optional check for cookie "COOKIEMONSTER_ATE" to prevent redirect loops

Caddy
-----

## NOTE: set watermark for cookie header size; at 6000
## NOTE: only eat after COOKIEMONSTER_ATE expires to revent possible redirect loop
@cookiemonster expression size({header.cookie})>6000 && !header_regexp('Cookie', 'COOKIEMONSTER_ATE')
redir @cookiemonster https://cookiemonster.fast.uwaterloo.ca/eat?callback={scheme}://{host}{uri} 307


Nginx (untested)
----------------

# write a small lua program: /etc/nginx/cookiemonster.lua
local cookie_size = ngx.var.http_cookie:len()
if cookie_size > 6000 then
    local redirect_url = "https://cookiemonster.fast.uwaterloo.ca/eat?callback=" .. ngx.var.request_uri
    return ngx.redirect(redirect_url, ngx.HTTP_MOVED_TEMPORARILY)
end

# add something like the following to /etc/nginx/nginx.conf
# use larger buffer so nginx wont fail on large header cookies
large_client_header_buffers 4 16k;
location / {
    content_by_lua_file '/path/to/check_cookie_size.lua';
}


Apache (todo)
-------------
Please share your solution

Testing

DANGER: the following links create large cookie headers under uwaterloo.ca. Many websites in the domain will drop YOUR web requests.

Test cookies have prefix '_TEST##' and expire after 5minutes.