Bug #4826

HTTP 413 error with Web Client

Added by Igor Skornyakov almost 4 years ago. Updated about 3 years ago.

Status: Closed
Priority: Normal
Target version: -
Start date:
Due date:
% Done: 100%
billable: No
vendor_id: GCD
case_num:
version:

History

#1 Updated by Igor Skornyakov almost 4 years ago

After multiple logins to Web Client I got the HTTP 413 Payload Too Large response on the OS login.
I understand that this is due to a huge number of cookies the browser attempts to send.
I use Google Chrome Version 81.0.4044.138 (Official Build) unknown (64-bit)


#2 Updated by Greg Shah almost 4 years ago

Is the recreate to use Hotel GUI in virtual desktop mode and to OS login/logout many times until the problem occurs?

#3 Updated by Igor Skornyakov almost 4 years ago

Greg Shah wrote:

Is the recreate to use Hotel GUI in virtual desktop mode and to OS login/logout many times until the problem occurs?

It is recreated with Hotel GUI. I've used it in virtual desktop mode for the first time (as far as I remember) but the OS Login URL is the same as for the other application I've logged in to multiple times.

#4 Updated by Greg Shah over 3 years ago

From Sergey:

I would like to report that I observed this issue for the first time today when testing Hotel_GUI repeatedly within an hour using the Firefox web client.

Finally I got https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/431 and after deleting all cookies for the target site, in my case it was https://192.168.1.37:7443, the issue was gone.

#5 Updated by Sergey Ivanovskiy about 3 years ago

  • Status changed from New to WIP

Please review the committed revision 12095 (3821c) that should clear authorization token cookies if the application page is redirected to the login page. The current page is redirected to the login page if MSG_QUIT happens or the web socket connection fails. I followed
https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie
https://stackoverflow.com/questions/179355/clearing-all-cookies-with-javascript
Does it make sense to implement the server-side solution by setting the response header Clear-Site-Data: "cookies" if the embedded web server is about to be shut down, since https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data warns that Safari doesn't support this header, Clear-Site-Data?

#6 Updated by Hynek Cihlar about 3 years ago

Sergey Ivanovskiy wrote:

Does it make sense to implement the server-side solution by setting the response header Clear-Site-Data: "cookies" if the embedded web server is about to be shut down, since https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data warns that Safari doesn't support this header, Clear-Site-Data?

Beware that there are cookies we want to keep after the session ends. I'm aware of the GUI renderer options set by the user for example.

#7 Updated by Sergey Ivanovskiy about 3 years ago

Yes, I didn't observe that cookies with these keys "renderer" and "graphicsCached" should be persistent. These changes rev 12096(3821c) should help to remove only cookies with authorization tokens. Their keys start with "auth-".

#8 Updated by Hynek Cihlar about 3 years ago

Sergey Ivanovskiy wrote:

Yes, I didn't observe that cookies with these keys "renderer" and "graphicsCached" should be persistent. These changes rev 12096(3821c) should help to remove only cookies with authorization tokens. Their keys start with "auth-".

Sergey, the changes are OK. Just please replace if (key.substring(0, 4).toLowerCase() == "auth-") with a different construct to prevent unexpected IndexOutOfBoundsException.

#9 Updated by Sergey Ivanovskiy about 3 years ago

It seems that substring(indexStart, indexEnd) is safe and doesn't throw an index-out-of-bounds exception. MDN says that if the second index is greater than the string length, it is treated as if it were equal to the string length. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substring

#10 Updated by Sergey Ivanovskiy about 3 years ago

I changed this condition if (key.substring(0, 4).toLowerCase() == "auth-") to if (key.substring(0, 5).toLowerCase() == "auth-") in the rev 12097(3821c) because indexEnd is an exclusive index.

#11 Updated by Sergey Ivanovskiy about 3 years ago

The ECMA 262 specification https://tc39.es/ecma262/#sec-string.prototype.substring also states the same specification for substring as its MDN doc.

#12 Updated by Hynek Cihlar about 3 years ago

Sergey Ivanovskiy wrote:

It seems that substring(indexStart, indexEnd) is safe and doesn't throw an index-out-of-bounds exception. MDN says that if the second index is greater than the string length, it is treated as if it were equal to the string length. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substring

Right, this is JS not Java :-).

#13 Updated by Hynek Cihlar about 3 years ago

Sergey Ivanovskiy wrote:

I changed this condition if (key.substring(0, 4).toLowerCase() == "auth-") to if (key.substring(0, 5).toLowerCase() == "auth-") in the rev 12097(3821c) because indexEnd is an exclusive index.

The changes are OK.
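
The selective cleanup discussed in notes #7 to #13, as an added example that is not the code committed in rev 12095 to 12097: it shows why the substring(0, 4) comparison never matches, that short keys do not throw, and that only "auth-" cookies are expired. The helper names, the sample cookie string and the path "/" are assumptions made for illustration.

```javascript
// Added example; function names, SAMPLE and the cookie path are assumptions.
const AUTH_PREFIX = "auth-";

// Split a document.cookie-style string ("k1=v1; k2=v2") into cookie names.
function cookieKeys(cookieString) {
  return cookieString
    .split(";")
    .map((pair) => pair.trim())
    .filter((pair) => pair.length > 0)
    .map((pair) => {
      const eq = pair.indexOf("=");
      return eq === -1 ? pair : pair.substring(0, eq);
    });
}

// Check as first written: substring(0, 4) returns at most 4 characters
// ("auth"), so it can never equal the 5-character prefix "auth-".
function isAuthKeyOffByOne(key) {
  return key.substring(0, 4).toLowerCase() === AUTH_PREFIX;
}

// Corrected check: indexEnd is exclusive, so the end index must be 5.
// substring() clamps indexEnd to the string length, so short keys are safe.
function isAuthKey(key) {
  return key.substring(0, AUTH_PREFIX.length).toLowerCase() === AUTH_PREFIX;
}

// Build the strings that expire every auth cookie and nothing else.
// A cookie is only removed when the path (and domain) match the ones it
// was set with; "/" is an assumption here.
function authCookieExpiry(cookieString, path = "/") {
  return cookieKeys(cookieString)
    .filter(isAuthKey)
    .map((key) => `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=${path}`);
}

// Constructed sample input: two auth tokens plus the preferences to keep.
const SAMPLE =
  "Auth-1111=aaaa; renderer=canvas; graphicsCached=true; a=1; auth-2222=bbbb";

// In a browser, each returned string is assigned to document.cookie:
//   for (const c of authCookieExpiry(document.cookie)) document.cookie = c;
```

Cookies set with the HttpOnly attribute are not visible in document.cookie and cannot be expired from script, so this client-side cleanup only applies to tokens readable by the page.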

#14 Updated by Greg Shah about 3 years ago

  • Start date deleted (07/29/2020)
  • Status changed from WIP to Closed
  • Assignee set to Sergey Ivanovskiy
  • % Done changed from 0 to 100
