Bug #4826
HTTP 413 error with Web Client
100%
History
#1 Updated by Igor Skornyakov almost 4 years ago
After multiple logins to Web Client I got the HTTP 413 Payload Too Large response on the OS login.
I understand that this is due to a huge number of cookies the browser attempts to send.
I use Google Chrome Version 81.0.4044.138 (Official Build) unknown (64-bit)
#2 Updated by Greg Shah almost 4 years ago
Is the recreate to use Hotel GUI in virtual desktop mode and to OS login/logout many times until the problem occurs?
#3 Updated by Igor Skornyakov almost 4 years ago
Greg Shah wrote:
Is the recreate to use Hotel GUI in virtual desktop mode and to OS login/logout many times until the problem occurs?
It is recreated with Hotel GUI. I've used it in virtual desktop mode for the first time (as far as I remember) but the OS Login URL is the same as for the other application I've logged in to multiple times.
#4 Updated by Greg Shah over 3 years ago
From Sergey:
I would like to report that today I observed this issue for the first time when testing Hotel_GUI repeatedly within an hour using the Firefox web client.
Finally I got https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/431 and after deleting all cookies for the target site, in my case it was https://192.168.1.37:7443, the issue was gone.
#5 Updated by Sergey Ivanovskiy about 3 years ago
- Status changed from New to WIP
Please review the committed revision 12095 (3821c) that should clear authorization token cookies if the application page is redirected to the login page. The current page is redirected to the login page if MSG_QUIT happens or the web socket connection fails. I followed
https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie
https://stackoverflow.com/questions/179355/clearing-all-cookies-with-javascript
Does it make sense to implement the server side solution by setting the response header Clear-Site-Data: "cookies" if the embedded web server is about to be shut down, since https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data warns that Safari doesn't support this header, Clear-Site-Data?
#6 Updated by Hynek Cihlar about 3 years ago
Sergey Ivanovskiy wrote:
Does it make sense to implement the server side solution by setting the response header Clear-Site-Data: "cookies" if the embedded web server is about to be shut down, since https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data warns that Safari doesn't support this header, Clear-Site-Data?
Beware that there are cookies we want to keep after the session ends. I'm aware of the GUI renderer options set by the user for example.
#7 Updated by Sergey Ivanovskiy about 3 years ago
Yes, I didn't observe that cookies with these keys "renderer" and "graphicsCached" should be persistent. These changes rev 12096(3821c) should help to remove only cookies with authorization tokens. Their keys start with "auth-".
#8 Updated by Hynek Cihlar about 3 years ago
Sergey Ivanovskiy wrote:
Yes, I didn't observe that cookies with these keys "renderer" and "graphicsCached" should be persistent. These changes rev 12096(3821c) should help to remove only cookies with authorization tokens. Their keys start with "auth-".
Sergey, the changes are OK. Just please replace if (key.substring(0, 4).toLowerCase() == "auth-") with a different construct to prevent unexpected IndexOutOfBoundsException.
#9 Updated by Sergey Ivanovskiy about 3 years ago
It seems that substring(indexStart, indexEnd) is safe and doesn't throw an index out of bounds exception. MDN says that if the second index is more than the string length, then it is treated as if it were equal to the string length. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substring
#10 Updated by Sergey Ivanovskiy about 3 years ago
I changed this condition if (key.substring(0, 4).toLowerCase() == "auth-") to if (key.substring(0, 5).toLowerCase() == "auth-") in the rev 12097(3821c) because indexEnd is an exclusive index.
#11 Updated by Sergey Ivanovskiy about 3 years ago
The ECMA 262 specification https://tc39.es/ecma262/#sec-string.prototype.substring also states the same specification for substring as its MDN doc.
#12 Updated by Hynek Cihlar about 3 years ago
Sergey Ivanovskiy wrote:
It seems that substring(indexStart, indexEnd) is safe and doesn't throw an index out of bounds exception. MDN says that if the second index is more than the string length, then it is treated as if it were equal to the string length. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substring
Right, this is JS not Java :-).
#13 Updated by Hynek Cihlar about 3 years ago
Sergey Ivanovskiy wrote:
I changed this condition if (key.substring(0, 4).toLowerCase() == "auth-") to if (key.substring(0, 5).toLowerCase() == "auth-") in the rev 12097(3821c) because indexEnd is an exclusive index.
The changes are OK.
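The prefix check settled on in rev 12097, shown as an added JavaScript example that is not part of the thread and not the project's code: it expires only cookies whose names start with "auth-" and leaves "renderer" and "graphicsCached" in place. The function names, the constructed sample cookie string and the path "/" are assumptions.

```javascript
// Added example; helper names are hypothetical, not the project's code.
const AUTH_PREFIX = "auth-";

// Split a document.cookie-style string ("a=1; b=2") into [name, value] pairs.
function parseCookieString(cookieString) {
  return cookieString
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf("=");
      return eq === -1 ? [part, ""] : [part.slice(0, eq), part.slice(eq + 1)];
    });
}

// Case-insensitive prefix test. substring() clamps indexEnd to the string
// length, so names shorter than the prefix compare unequal without throwing.
function isAuthCookie(name) {
  return name.substring(0, AUTH_PREFIX.length).toLowerCase() === AUTH_PREFIX;
}

// Build the assignments that expire each auth cookie. A cookie is only
// removed when path (and domain) match how it was set; "/" is an assumption.
function authCookieExpirations(cookieString, path = "/") {
  return parseCookieString(cookieString)
    .filter(([name]) => isAuthCookie(name))
    .map(([name]) => `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=${path}`);
}

// Names that survive the cleanup (user preferences such as "renderer").
function retainedCookieNames(cookieString) {
  return parseCookieString(cookieString)
    .map(([name]) => name)
    .filter((name) => !isAuthCookie(name));
}

// Constructed sample shaped like the cookies in the report (values are fake).
const SAMPLE =
  "Auth-00000000-0000-0000-0000-000000000001=aaaa; renderer=canvas; " +
  "graphicsCached=true; auth-00000000-0000-0000-0000-000000000002=bbbb; au=x";

// In a browser, apply each assignment:
//   authCookieExpirations(document.cookie).forEach((c) => { document.cookie = c; });
```

Cookies set with the HttpOnly attribute do not appear in document.cookie, so a script-side cleanup like this only reaches tokens the page itself can read.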
#14 Updated by Greg Shah about 3 years ago
- Start date deleted (07/29/2020)
- Status changed from WIP to Closed
- Assignee set to Sergey Ivanovskiy
- % Done changed from 0 to 100