Replies: 1 comment
-
Hi @Kludex, I don't believe this is quite a "Q&A" (as it has been tagged - I've already identified the problem and worked my way around it). Does the developers have any take on whether this is a reasonable behaviour to expect (i.e. the silent reverting of cookies/session if the size of said cookie/session gets too big)? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I noticed that a really weird thing that can happen when setting
request.session
objects that are too large (without any trace/notice that it is happening).I noticed this when using authlib with fastapi, but the actual framework and library doesn't matter; what matters is that this sequence of events was happening:
request.session
for oauth redirectHere are a couple of reasonable things one might expect in response to this:
What actually ends up happening is that the session state after 1 gets returned, no error or warning message or any sort of indication is being displayed that this is happening, and you go on a wild goose chase thinking it's an authlib issue.
I wasted 4 hours on this and at the very least would like to document this issue for posterity, but this is clearly an issue that needs to be reported to the user as an error or even a log, instead of just silently reverting back to the previous state of the request.session (i.e. the state before authlib even cleared the
request.session
in request number 2.Important
Beta Was this translation helpful? Give feedback.
All reactions