Cookiemonster - eats cookies
This can happen naturally. For example, browse WCMS sites without an ad blocker and then check how many Google Analytics "_ga" cookies you have.
Errors indicating that your web browser may be suffering from too many cookies:
- "Request Header Fields Too Large"
- "header field exceeds server limit"
- "I/O ERROR"
This website tries to mitigate the issue by providing instructions and a service: https://cookiemonster/eat
How to use this service
-----------------------
- Detect large header cookies in your http server
- Redirect to cookiemonster to eat (with a callback)
- Optional check for cookie "COOKIEMONSTER_ATE" to prevent redirect loops
Caddy
-----
## NOTE: set watermark for cookie header size; at 6000
## NOTE: only eat after COOKIEMONSTER_ATE expires to prevent a possible redirect loop
@cookiemonster expression size({header.cookie})>6000 && !header_regexp('Cookie', 'COOKIEMONSTER_ATE')
redir @cookiemonster https://cookiemonster.fast.uwaterloo.ca/eat?callback={scheme}://{host}{uri} 307
Nginx (untested)
----------------
# write a small lua program: /etc/nginx/cookiemonster.lua
-- http_cookie is nil when the request carries no Cookie header at all
local cookie = ngx.var.http_cookie or ""
-- only eat after COOKIEMONSTER_ATE expires, to prevent a redirect loop
if cookie:len() > 6000 and not cookie:find("COOKIEMONSTER_ATE", 1, true) then
    -- callback is the full request URL, urlencoded so its own query string survives
    local callback = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.request_uri
    local redirect_url = "https://cookiemonster.fast.uwaterloo.ca/eat?callback_encoded=" .. ngx.escape_uri(callback)
    return ngx.redirect(redirect_url, ngx.HTTP_MOVED_TEMPORARILY)
end
# add something like the following to /etc/nginx/nginx.conf
# use larger buffers so nginx won't fail on large cookie headers (http or server context)
large_client_header_buffers 4 16k;
location / {
    # access phase: requests with small cookies fall through to the normal content handler
    access_by_lua_file /etc/nginx/cookiemonster.lua;
}
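The same three steps (detect a large Cookie header, redirect to the eat service with a callback, skip the redirect while COOKIEMONSTER_ATE is present) as a WSGI middleware, added here as an example and not code from the Cookiemonster page; it assumes the 6000-byte watermark from the Caddy snippet and the /eat?callback_encoded= endpoint listed under Testing.

```python
from urllib.parse import quote

EAT_URL = "https://cookiemonster.fast.uwaterloo.ca/eat"
WATERMARK = 6000                     # Cookie header bytes above which we redirect
GUARD_COOKIE = "COOKIEMONSTER_ATE"   # while this cookie is present, never redirect again


def cookie_names(raw_cookie_header):
    """Names of the cookies in a raw Cookie header value (tolerates junk)."""
    names = set()
    for part in raw_cookie_header.split(";"):
        name, _, _ = part.strip().partition("=")
        if name:
            names.add(name)
    return names


def redirect_target(environ, watermark=WATERMARK):
    """URL to send the client to, or None when no redirect is needed."""
    raw = environ.get("HTTP_COOKIE", "")
    if len(raw.encode("utf-8")) <= watermark:
        return None
    if GUARD_COOKIE in cookie_names(raw):
        # the service just ate cookies; wait for the guard to expire (prevents a loop)
        return None
    scheme = environ.get("wsgi.url_scheme", "http")
    host = environ.get("HTTP_HOST", "localhost")
    uri = environ.get("PATH_INFO", "/")
    if environ.get("QUERY_STRING"):
        uri += "?" + environ["QUERY_STRING"]
    callback = f"{scheme}://{host}{uri}"
    # callback_encoded: urlencode so the callback's own '?' and '&' survive
    return f"{EAT_URL}?callback_encoded={quote(callback, safe='')}"


class CookieMonsterMiddleware:
    """Wrap a WSGI app; oversized-cookie requests are redirected before the app runs."""

    def __init__(self, app, watermark=WATERMARK):
        self.app = app
        self.watermark = watermark

    def __call__(self, environ, start_response):
        target = redirect_target(environ, self.watermark)
        if target is None:
            return self.app(environ, start_response)
        # 307 keeps the request method, as in the Caddy snippet above
        start_response("307 Temporary Redirect",
                       [("Location", target), ("Content-Length", "0")])
        return [b""]
```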
Apache (todo)
-------------
Please share your solution
Testing
-------
Test cookies have the prefix '_TEST##' and expire after 5 minutes.
- /view -- view all cookies in your request
- /delete -- attempt to expire all cookies given in the request
- /test20-250b -- 20 250b cookies total ~5KB
- /test20-500b -- 20 500b cookies total ~10KB
- /test10-2000b -- 10 large cookies total ~20KB
- /test10-4000b -- 10 huge cookies total ~40KB
- /test20-4000b -- 20 huge cookies total ~80KB
- /test50-4000b -- 50 huge cookies total ~200KB
- /test100-50b -- 100 50b small cookies
- /test500-1b -- 500 tiny cookies (browser only keeps last ~170)
- /test200-1000b-secure -- 200 large cookies marked with secure flag
- /eat?callback=... -- eat cookies and redirect to callback URL
- /eat?callback_encoded=... -- callback where the value is urlencoded