I’m working on a SAAS application that uses subdomains. For some reason users with long names who are part of companies with long subdomains aren’t able to access the app after logging in until the browser does a hard refresh. Until the refresh, they end up in a redirect loop. This seems to be isolated to Chrome and Firefox only. It seems like its an issue with cookie caching but I can’t be sure.
Has anyone seen this issue before?
After a little more digging I found this only happens when SSL is enabled. Over http there are no issues.
Resolved this by stripping the cookie down to as small as possible.
Turns out cookies over roughly 1kb require multiple packets to transfer. So, my guess is that only one packet can make it through our load balancer with SSL going? I can’t confirm the exact reason behind the issue but it seems to be resolved.
The Forms Auth cookie gets pretty large on its own (due to encryption / validation overhead), so it only takes a few properties to get over 1kb.