log warning for any cookie values over 3600 bytes

Nginx response header limit is 4KiB. Leave extra margin for header name, cookie name, other cookie attrs, early warning.
ploxiln · Nov 26, 2018 · a629369 · a629369
1 parent bb036c8
commit a629369
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/oauthproxy.go b/oauthproxy.go
@@ -259,10 +259,6 @@ func (p *OAuthProxy) redeemCode(host, code string) (s *providers.SessionState, e
 func (p *OAuthProxy) MakeSessionCookie(req *http.Request, value string, expiration time.Duration, now time.Time) *http.Cookie {
 	if value != "" {
 		value = cookie.SignedValue(p.CookieSeed, p.CookieName, value, now)
-		if len(value) > 4096 {
-			// Cookies cannot be larger than 4kb
-			log.Printf("WARNING - Cookie Size: %d bytes", len(value))
-		}
 	}
 	return p.makeCookie(req, p.CookieName, value, expiration, now)
 }
@@ -281,6 +277,11 @@ func (p *OAuthProxy) makeCookie(req *http.Request, name string, value string, ex
 			log.Printf("Warning: request host is %q but using configured cookie domain of %q", domain, p.CookieDomain)
 		}
 	}
+	if len(value) > 3600 {
+		// nginx default response header limit is 4KiB, other software may have similar limits
+		// threshold includes margin for header name, cookie name, other cookie options
+		log.Printf("WARNING - %s cookie is very big: %d bytes", name, len(value))
+	}
 
 	return &http.Cookie{
 		Name:     name,