Cookie chunking for session cookie

[DavidDeSloovere]

Describe the feature

The session cookie can get big. Too big for the 4093 limit.

Built-in cookie chunking would benefit everyone from having to work around this.

setCookie could look at the length and chunk automatically getCookie could look at the content of the first cookie, if it indicates chunking (fex. chunks-2) it could join the values together. deleteCookie should also check for chunks

Workarounds are possible:

• leave data out of the session (but you might need that data in a lot of places)
• store data in separate cookie, plain text (because you don't want to bother, but it's not safe)
• store data in separate cookie, sealed (but now you need to copy the encryption code, manage the same settings)...

Some references:

https://github.com/supabase/auth-helpers/blob/84ef39c4a498a94717660842a20df3d10b86c794/packages/ssr/src/utils/chunker.ts

https://github.com/dotnet/aspnetcore/blob/main/src/Shared/ChunkingCookieManager/ChunkingCookieManager.cs

Additional information

• [x] Would you be willing to help implement this feature?

[pi0]

Interesting approach. I think it can lift up 4k per cookie size by browsers. But we have to also consider overall headers size by servers is usually also limited (i guess around 16kb in latest node) so we are essentially just buying little more time until we hit the limit again.

Regardless it is not a bad idea try.

I feel it would be nice if we first draft a generic impl of internal chunked cookie utils (same as setCookie but sets main value something like "chunked:size" + sub cookies (re set should also be aware of this and properly cleanup)

Feel free to draft a PR against main for this step. It should be unit testable and new internal util)