
Cookie header too long, causing a 413 HTTP error

    • Jenkins 2.184

      Each time Jenkins (re)starts, its session-cookie name changes (i.e. JSESSIONID.some_random_string).

      After a while, the browser has a bunch of session cookies, each one having a different name, causing the "Cookie" request header to be very long. The server returns an HTTP 413 response and a blank page. The user must clean his cookies in order to access Jenkins again.

       

      Workaround: Since Jenkins 2.66 there are custom options for managing Jetty session IDs: https://github.com/jenkinsci/extras-executable-war/#jetty-session-ids

          [JENKINS-25046] Cookie header too long, causing a 413 HTTP error

          Josh Soref added a comment -

          A code fix was delivered 

          If an app crashes once and a code fix is delivered to make it stop crashing and it later crashes again, that is not a good reason to reopen the bug. In that model you'd only need ~5 bugs and they'd constantly be reopened.


          James Howe added a comment -

          If the code fix didn't work and exactly the same issue is still there, then it 100% should be reopened.

          If the bugs actually get fixed then they can stay closed.


          Dmitry Mikhirev added a comment - - edited

          I don't understand what fix you are talking about. The problem is that by default a new ID is generated each time Jenkins is restarted, and I don't see any changes to this behavior in git history. There's only an ugly workaround that nobody knows about until he faces the issue and spends several hours at minimum investigating it.


          Josh Soref added a comment -

          The code fix did work and was fine for more than enough time.

           

          File a new ticket. 


          Josh Soref added a comment -

          A change to that code would be a significant behavior change and would not have the same summary as this ticket. 


          Dmitry Mikhirev added a comment -

          > The code fix did work and was fine for more than enough time.
          Again, it is not a fix, it is just a workaround that does not work with default settings.

          > A change to that code would be a significant behavior change and would not have the same summary as this ticket.
          It is not a significant change, just adding a couple of lines of code. Try to load a stored ID; if not successful, generate a new one and store it.

          Dmitry Mikhirev added a comment -

          reopen

          Mark Waite added a comment -

          bizdelnick as requested by jsoref, please open a new issue. Reopening this issue is not helping you get a fix and is not helping others.

          I am acting in my role as a member of the Jenkins board by making this request. I believe that the request from Josh to open a new ticket is reasonable.


          Dmitry Mikhirev added a comment -

          I won't stop reopening this issue. There were issues opened by other users about this bug that were closed as duplicates of this one, so I conclude filing a new issue does not work.
          The bug, reported here, was not fixed. The provided workaround "if you don't want this happen to you, go change your system properties" is not acceptable.

          Zaitcev Peter added a comment -

          I can agree with Dmitry. Since Cookies can be controlled on the server side, the server is responsible for deleting the obsolete ones.

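
The two server-side ideas raised in the comments above (reuse a stored cookie-name suffix across restarts, and have the server expire obsolete JSESSIONID.* cookies), sketched as an added Python example. It is not Jenkins or Jetty code; the function names, the state-file name and the sample Cookie header are constructed for illustration, and the stale cookies are assumed to have been set with Path=/.

```python
import secrets
import tempfile
from pathlib import Path

PREFIX = "JSESSIONID."  # cookie-name prefix quoted in the issue description

def load_or_create_suffix(state_file: Path) -> str:
    """Reuse the stored cookie-name suffix; generate and store one only if absent."""
    try:
        stored = state_file.read_text().strip()
        if stored.isalnum():          # ignore an empty or corrupted file
            return stored
    except FileNotFoundError:
        pass
    suffix = secrets.token_hex(4)     # names the cookie only; the session ID value is separate
    state_file.write_text(suffix)
    return suffix

def cookie_names(cookie_header: str) -> list:
    """Names from a Cookie request header, in order of appearance."""
    names = []
    for pair in cookie_header.split(";"):
        name, sep, _ = pair.strip().partition("=")
        if sep and name:
            names.append(name)
    return names

def expire_stale(cookie_header: str, current: str, path: str = "/") -> list:
    """Set-Cookie values deleting every JSESSIONID.* cookie except `current`.
    Path must match the one the cookie was set with (assumed "/" here)."""
    stale = [n for n in cookie_names(cookie_header)
             if n.startswith(PREFIX) and n != current]
    return [f"{n}=; Path={path}; Max-Age=0; HttpOnly" for n in dict.fromkeys(stale)]

# Constructed sample: the browser's Cookie header after three restarts.
SAMPLE = ("JSESSIONID.1a2b3c4d=node0aaa; screenResolution=1920x1080; "
          "JSESSIONID.5e6f7a8b=node0bbb; JSESSIONID.9c0d1e2f=node0ccc")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        state = Path(d) / "session-cookie-suffix"   # hypothetical file name
        first, second = load_or_create_suffix(state), load_or_create_suffix(state)
        print("suffix stable across 'restarts':", first == second)
    for header in expire_stale(SAMPLE, PREFIX + "9c0d1e2f"):
        print("Set-Cookie:", header)
```

A browser only drops a cookie when the expiring Set-Cookie matches the Path (and Domain, if one was set) of the original, so a deployment under a context path would pass that path instead of "/".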

            Unassigned Unassigned
            ericcitaire Eric Citaire
            Votes: 44
            Watchers: 43