Session cookies are too large when chunked #282

Closed
steff-o opened this issue Sep 28, 2021 · 2 comments
Labels
bug Something isn't working

steff-o commented Sep 28, 2021

Describe the problem

If the session cookie is too large and has to be chunked, and if the setting for session.cookie.path is not set, the chunks are created too large. This results in the browser refusing to set the cookie, and the session is dropped, which results in an 'endless' redirect loop.

Most likely this is due to the calculation of the empty cookie length, which does not take into consideration that the final cookie will include additional cookie header values.

What was the expected behavior?

The session would be split into several chunks and reassembled again and the login would work.

Reproduction

  • Step 1: Create a minimal application, nothing fancy.
  • Step 2: Configure response_type: 'code'. That would probably create a big enough session (mine gets around 6k).
  • Step 3: Do not configure a cookie path setting.

Environment

  • Version of this library used: 2.5.0
  • Which framework are you using, if applicable:
  • Other modules/plugins/libraries that might be involved:
  • Any other relevant information you think would be useful:
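
The failure mode reported above, as an added example that is not part of the original issue and is neither express-openid-connect's code nor the fix in #275: a chunker whose payload budget is measured from an empty cookie, run once with the budget measured without `Path` and once with the same attributes the emitted cookie carries. The function names, the cookie name `sid`, the attribute set, and the 4096-byte budget over the whole `Set-Cookie` string (RFC 6265's stated minimum) are assumptions.

```javascript
// Added example; all names here are hypothetical, not the library's.
const MAX_COOKIE_SIZE = 4096; // RFC 6265 minimum: name + value + attributes

// Minimal Set-Cookie serializer covering only the attributes used below.
function serialize(name, value, attrs = {}) {
  let out = `${name}=${value}`;
  if (attrs.path) out += `; Path=${attrs.path}`;
  if (attrs.httpOnly) out += '; HttpOnly';
  if (attrs.secure) out += '; Secure';
  if (attrs.sameSite) out += `; SameSite=${attrs.sameSite}`;
  return out;
}

// Split `value` into cookies named `${name}.${i}`. The per-chunk payload size
// is derived from an empty cookie serialized with `budgetAttrs`; passing
// attributes there that differ from the emitted `attrs` reproduces the
// failure mode described in the issue.
function chunkCookie(name, value, attrs, budgetAttrs = attrs) {
  // ".00" reserves room for a two-digit chunk index.
  const overhead = serialize(`${name}.00`, '', budgetAttrs).length;
  const size = MAX_COOKIE_SIZE - overhead;
  if (size <= 0) throw new Error('cookie attributes leave no room for data');
  const chunks = [];
  for (let i = 0; i * size < value.length; i++) {
    chunks.push(serialize(`${name}.${i}`, value.slice(i * size, (i + 1) * size), attrs));
  }
  if (chunks.length > 100) throw new Error('session needs more than 100 chunks');
  return chunks;
}

// Chunks a browser enforcing the limit would refuse to store.
const oversized = (chunks) => chunks.filter((c) => c.length > MAX_COOKIE_SIZE);

// Rebuild the value from the chunks, in order, ignoring attributes.
function reassemble(chunks) {
  return chunks.map((c) => {
    const end = c.indexOf(';');
    return c.slice(c.indexOf('=') + 1, end < 0 ? undefined : end);
  }).join('');
}

// Constructed sample: a 6000-character ASCII session value, default Path=/.
const session = 'A'.repeat(6000);
const emitted = { path: '/', httpOnly: true, secure: true, sameSite: 'Lax' };
const budgetNoPath = { ...emitted, path: undefined }; // path unset when measuring

console.log('budget ignores Path:', oversized(chunkCookie('sid', session, emitted, budgetNoPath)).length);
console.log('budget matches emitted:', oversized(chunkCookie('sid', session, emitted)).length);
```

A useful regression check for any chunking session store is the assertion that no serialized chunk exceeds the limit, run with the cookie path both set and unset.
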
@adamjmcgrath
Contributor

Hi @steff-o - this was fixed in #275

I just didn't get round to releasing the fix yet - I'll do that shortly and update this thread

@adamjmcgrath adamjmcgrath added the bug Something isn't working label Sep 28, 2021
@adamjmcgrath
Contributor

Released in https://github.com/auth0/express-openid-connect/releases/tag/v2.5.1
