Cookies in the pack – Orient Me displays error messages

Posted by

In our environment, cookies are used heavily for authentication and sessions. Huge cookies from Keycloak, LtpaTokens, JSESSIONID’s, sametimeJwt tokens and stuff from other subdomains.

Once the Request Header goes over 8k in size, Orient-Me fails to load suggestions stuff. Or “Could not load the activity stream. The request timed out” is a typical message.

Why does it happen? The Component Pack (<=7.0.2) uses a Node.js version where the max header size is set to 8k. Workaround
Until the Node.js versions in the componetpack have been upgraded I use the following as a workaround.

Inside my ihs config I added this to remove the sametimeJwt cookie from the requests.


SetEnvIfNoCase Request_URI "^/appreg.*" noCookie
SetEnvIfNoCase Request_URI "^/community_suggestions/.*" noCookie
SetEnvIfNoCase Request_URI "^/social/.*" noCookie
SetEnvIfNoCase Request_URI "^/itm/.*" noCookie
RequestHeader edit* Cookie "^(.*?)sametime[jJ][Ww][Tt]=.*?(?:$|;)(.*)$" $1$2 env=noCookie

This will remove the cookie from the proxy request to the componentpack.