✅ SESSION COOKIE SIZE FIX - Browser Crash Resolved
Motivation
Symptoms:
- Webpage frozen
- Browser crashes ("Aw, Snap!")
- Repeated console warnings:
Session cookie exceeds allowed 4096 bytes - Session cookie size: 8031 bytes (double the limit!)
- Infinite loop of
/api/chat/conversationsrequests
Root Cause: The entire OIDC groups array (40+ groups) was being stored in the JWT token, which is then serialized into session cookies. This caused:
- 8KB session cookies (limit is 4KB)
- Browser cookie overflow
- Memory exhaustion
- Page crashes
Testing Strategy
1. Stop Your Current Server
Your server is likely in a crash loop. Kill it:
# Press Ctrl+C in the terminal running npm run dev
# Or find and kill the process
pkill -f "next dev"
2. Clear Browser Data
Important: Clear cookies and localStorage to remove the corrupted session:
# In browser DevTools Console:
localStorage.clear();
document.cookie.split(";").forEach(c => {
document.cookie = c.replace(/^ +/, "").replace(/=.*/, "=;expires=" + new Date().toUTCString() + ";path=/");
});
Or manually:
- Chrome: DevTools → Application → Clear site data
- Firefox: DevTools → Storage → Clear all
3. Restart Server
cd ui
npm run dev
4. Verify Fix
Check server logs - you should NO LONGER see:
❌ [next-auth][debug][CHUNKING_SESSION_COOKIE] {
message: 'Session cookie exceeds allowed 4096 bytes.',
...
}
Check browser console - should be clean, no cookie warnings
Test login:
- Navigate to
http://localhost:3000 - Sign in with OIDC
- Should load normally (no freeze!)
- Check admin access works
✅ Status
FIXED: Session cookie size reduced from 8KB to less than 1KB
Action Required:
- ✅ Code updated
- ⚠️ RESTART YOUR SERVER
- ⚠️ CLEAR BROWSER COOKIES
- ✅ Test login
- ✅ Verify admin access
Author: Sri Aradhyula (sraradhy@cisco.com) Date: 2026-01-30 Severity: CRITICAL Status: ✅ RESOLVED
Related
- Architecture: architecture.md