Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25046

Cookie header too long, causing a 413 HTTP error

    XMLWordPrintable

Details

    • Jenkins 2.184

    Description

      Each time Jenkins (re)starts, its session-cookie name changes (ie JSESSIONID.some_random_string).

      After a while, the browser have a bunch of session cookies, each one having a different name, causing the "Cookie" request header to be very long. The server returns a HTTP 413 response and a blank page. The user must clean his cookies in order to access Jenkins again.

       

      Workaround: Since Jenkins 2.66 there are custom options for managing Jetty session IDs: https://github.com/jenkinsci/extras-executable-war/#jetty-session-ids

      Attachments

        Issue Links

          Activity

            oleg_nenashev Oleg Nenashev added a comment -

            https://github.com/jenkinsci/jenkins/pull/3939 was integrated and released in 2.184. I marked it as the LTS candidate, but I am not sure it will be considered for backporting by olivergondza talking the rebase issues in the pull request. Whomever is interested, please feel free to suggest a clean pull request against the LTS branch

             

            oleg_nenashev Oleg Nenashev added a comment - https://github.com/jenkinsci/jenkins/pull/3939  was integrated and released in 2.184. I marked it as the LTS candidate, but I am not sure it will be considered for backporting by olivergondza talking the rebase issues in the pull request. Whomever is interested, please feel free to suggest a clean pull request against the LTS branch  
            jameshowe James Howe added a comment -

            This looks like it might be back in 2.303.1

            Clearing cookies (of which there were many) fixed it.

            jameshowe James Howe added a comment - This looks like it might be back in 2.303.1 Clearing cookies (of which there were many) fixed it.

            I recognize what you are saying. We are having a loop in our SSO login procedure and if we remove the Cookie mentioned here it works again. This is with LTS 2.319.2.

            matthias_glastra Matthias Glastra added a comment - I recognize what you are saying. We are having a loop in our SSO login procedure and if we remove the Cookie mentioned here it works again. This is with LTS 2.319.2.
            jsoref Josh Soref added a comment -

            File a new ticket. Provide a lot of information.

            Please leave me out if it.

            jsoref Josh Soref added a comment - File a new ticket. Provide a lot of information. Please leave me out if it.

            Sure no problem. Sorry bringing it up.

            matthias_glastra Matthias Glastra added a comment - Sure no problem. Sorry bringing it up.

            People

              jsoref Josh Soref
              ericcitaire Eric Citaire
              Votes:
              39 Vote for this issue
              Watchers:
              43 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: