
Chunk large session cookies

Open • RihanArfan opened this issue 1 year ago • 1 comment

Describe the feature

When trying to set a session with data that exceeds 4096 characters, a cookie isn't created. To support session data with more than 4096 bytes, next-auth and dotnet chunk their cookies.

I'm trying to store a JWT access and refresh token within the session, and the JWT from my OAuth2 provider (Microsoft Entra ID) is rather large.

I'm using Atinux's nuxt-auth-utils library; however, it doesn't do anything special on top of h3's session, which is why I'm reporting here. https://github.com/Atinux/nuxt-auth-utils/blob/main/src/runtime/server/utils/session.ts#L31-L37

  • https://stackoverflow.com/questions/60649050/javascript-set-cookie-max-size-is-exceeded-due-to-a-large-jwt-token
  • https://www.cyberchief.ai/2023/05/secure-jwt-token-storage.html
  • https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.cookies.chunkingcookiemanager

Additional information

  • [X] Would you be willing to help implement this feature?

RihanArfan, Feb 05 '24 10:02
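
The chunking requested above, sketched as an added example that is not part of the original issue and is not h3, nuxt-auth-utils, next-auth or .NET code. The function names, the `name.N` cookie naming and the 160-byte attribute allowance are assumptions, and the value is assumed to be sealed (encrypted and authenticated) as a whole before it is split.

```javascript
// Added example: not h3 or nuxt-auth-utils code. All names are hypothetical.
const MAX_COOKIE_BYTES = 4096; // per-cookie limit cited in the issue
const ATTR_OVERHEAD = 160;     // assumed room for Path, Expires, HttpOnly, Secure, SameSite

// Index of a chunk cookie such as "session.2", or -1 if `key` is not a chunk of `name`.
function chunkIndex(name, key) {
  const m = key.startsWith(name + ".") && /^(0|[1-9]\d*)$/.exec(key.slice(name.length + 1));
  return m ? Number(m[0]) : -1;
}

// Split an already sealed ASCII value into cookies `${name}.0`, `${name}.1`, ...
// and list leftover chunks from a previous, longer session that must be
// expired in the same response.
function planChunkedCookie(name, value, existing = {}) {
  // RFC 6265 cookie-octet: printable ASCII without space, '"', ',', ';' and '\'.
  if (!/^[\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e]+$/.test(value)) {
    throw new Error("value must be non-empty and cookie-safe");
  }
  // Per-chunk value budget: limit minus attributes, minus "name.NN=".
  const size = MAX_COOKIE_BYTES - ATTR_OVERHEAD - (name.length + 4);
  if (size <= 0) throw new Error("cookie name leaves no room for data");
  const set = [];
  for (let i = 0; i < value.length; i += size) {
    set.push({ name: `${name}.${set.length}`, value: value.slice(i, i + size) });
  }
  const expire = Object.keys(existing).filter((k) => chunkIndex(name, k) >= set.length);
  return { set, expire };
}

// Rebuild the value from a parsed request cookie map. Only a contiguous run
// starting at index 0 is used; the caller must still unseal the result, so a
// missing, reordered or stale chunk fails authentication instead of being trusted.
function joinChunkedCookie(name, cookies) {
  let value = "";
  for (let i = 0; `${name}.${i}` in cookies; i++) value += cookies[`${name}.${i}`];
  return value === "" ? null : value;
}

// Constructed sample: a 9000-character stand-in for a sealed session that
// carries large access and refresh tokens.
const sealed = "A".repeat(4000) + "B".repeat(4000) + "C".repeat(1000);
const plan = planChunkedCookie("session", sealed, { "session.0": "x", "session.5": "old", theme: "dark" });
console.log(plan.set.map((c) => `${c.name}: ${c.value.length} bytes`), "expire:", plan.expire);
```

Expiring the leftover chunks matters as much as writing the new ones: without it, a shorter session written after a longer one would be rejoined with stale trailing data on the next request.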