ASP.Net Core为我的应用程序处理了太多Cookie [英] ASP.Net Core makes too many cookies for my app to handle
问题描述
我有一个测试应用程序,用于测试与WSO2 Identity Server IDP的集成.单独运行时,它可以正常运行.它制作一个 .AspNetCore.Antiforgery cookie和一个 .AspNetCore.Cookies cookie.反伪造Cookie为190字节,主Cookie为3.7K字节.
I have a test application that I am using to test integration with my WSO2 Identity Server IDP. When run by itself it works just fine. It makes an .AspNetCore.Antiforgery cookie and an .AspNetCore.Cookies cookie. The anti-forgery cookie is 190 bytes and the main cookie is 3.7K bytes.
但是,如果我先登录另一个应用程序,然后加载我的测试工具页面,它将获得4个额外的cookie:
But if I login to another application first, then load my my test harness page, it get 4 additional cookies:
-
.AspNetCore.CookiesC1-4K字节 -
.AspNetCore.CookiesC2-4K字节 -
.AspNetCore.CookiesC3-4K字节 -
.AspNetCore.CookiesC4-1K字节
.AspNetCore.CookiesC1- 4K Bytes.AspNetCore.CookiesC2- 4K Bytes.AspNetCore.CookiesC3- 4K Bytes.AspNetCore.CookiesC4- 1K Bytes
这些额外的cookie使我超出了某种限制,因为页面加载时出现以下错误(而不是我的应用程序):
These additional cookies put me over a limit of some kind, because a page loads with the following error (instead of my application):
错误请求-请求太长
HTTP错误400.请求标头的大小太长.
Bad Request - Request Too Long
HTTP Error 400. The size of the request headers is too long.
我不知道如何查看这些额外的cookie中的内容,因为它们是基于64的(我认为它们是加密的).
I don't know how to see what is in these additional cookies because they are base 64 (and I think they are encrypted).
我的问题是,为什么ASP.Net core会因为我登录另一个站点(使用相同的WSO2 IDP,但使用不同的OIDC应用程序)而添加这么多额外的cookie?而且我可以防止它发生吗?
My question is, why would ASP.Net core add so many extra cookies just because I logged into another site (using the same WSO2 IDP, but a different OIDC application)? And can I prevent it from happening?
附加说明:
- 当我一遍又一遍地重现此内容以获取详细信息时,我注意到有时它可以添加额外的cookie,但不会给出错误消息.当发生这种情况时,唯一的区别似乎是
.AspNetCore.Cookies的原始cookie更改为读取"4块".而不是它的长期价值.但这仅在第二个应用程序上.另一个似乎可以用额外的大小加载它(我已经尝试过反转顺序...),我很困惑...
- As I reproduce this over and over to get details, I am noticing that sometimes it can add the extra cookies, but not give the error message. When that happens, the only difference seems to be that the original cookie of
.AspNetCore.Cookiesis changed to read "4 chunks" instead of its long value. But this is only on the second application. The other seems to be able to load it fine with the extra size (and I have tried reversing the order...) I am very confused...
推荐答案
当您的用户身份中的声明过多时,通常会发生这种情况.您可能会尝试做的就是修改应用程序,以便它仅在声明中保留有关用户的最常用信息,并对其他用户进行按需查找.
This often happens when you have too many claims in your user identity. What you might try doing is modifying your application so that it only keeps the most commonly used information about your user in claims and does an on-demand lookup for the others.
这篇关于ASP.Net Core为我的应用程序处理了太多Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
