Step 1: As a first step, it is important to review the HAR file of the browser upon reproducing the issue. The objective of generating a HAR file is to verify the length of the value passed with the cookie highlighted in the following screenshot.
Upon generating the HAR file, use a HAR analyzer to observe that the SPRING_SECURITY_REMEMBER_ME_COOKIE is passed with an empty or corrupted value.
Step 2: Review the Nginx (or other proxy) configuration file for the buffer_size or other buffer parameters (if any) and increase the proxy’s buffer size gradually. A restart of the proxy and the Artifactory is recommended for the changes to take effect.
For example: If the Nginx is configured as a reverse-proxy, here are the steps to tune the respective option in a Helm.Non-Helm based installation.
A default Helm deployment of Nginx would be having the following annotations added to the values.yaml.
Upon generating the HAR file, use a HAR analyzer to observe that the SPRING_SECURITY_REMEMBER_ME_COOKIE is passed with an empty or corrupted value.
Step 2: Review the Nginx (or other proxy) configuration file for the buffer_size or other buffer parameters (if any) and increase the proxy’s buffer size gradually. A restart of the proxy and the Artifactory is recommended for the changes to take effect.
For example: If the Nginx is configured as a reverse-proxy, here are the steps to tune the respective option in a Helm.Non-Helm based installation.
A default Helm deployment of Nginx would be having the following annotations added to the values.yaml.
annotations: nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/proxy-body-size: "3600m"With no buffer definitions in place, the server would pick up the default proxy-buffer-size of "4k" which might not be enough for the cookie value to be passed as expected. Tuning the respective value to a gradual extent should resolve the situation. More details regarding this attribute are available here.
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"For the Non-Helm installation, you may directly tune the suggested parameter inside the Nginx configuration by referring to the article here.