none
bootstrap token persistence options?

    Question

  • As noted in other threads, it appears that when the saveBootstrapTokens option is enabled in web.config that the resultant W.I.F. session cookies are too large for Opera and Safari to transmit without being truncated (Chrome, IE, firefox all work fine).  I'd rather not disable the saving of bootstrap token as this will cause the loss of trusted subsystem calls via wcf. What are some other options?    Stateful session cookies are probably not a good fit due to our web farm.  Does W.I.F. have any other options for customizing the persistence of the bootstrap token other than via the session cookie?

     

    thanks

     

     

     

    Friday, July 02, 2010 2:37 AM

Answers

  • Ok, this was a big P.I.T.A but finally have a work around.  I did indeed have to disable save boot strap tokens to get the total cookie size small enough to make safari/opera happy.   THis cut my total cookie size from over 5000 bytes to just a little over 2000 bytes.  Note, the only claims in the boostrap token are two int values. Thats a pretty massive cookie chunk for only two int value claims.   I now manually save the boostrap token by subscribing to the FAM SecurityTokenValidated event and saving the token to SQL.  It would be nice if W.I.F. would check the user-agent when building the session cookie and throw an error if the cookie data is over 4000 bytes and the user agent is safari/opera.

     

     

     

     

    • Marked as answer by scott_m Friday, July 02, 2010 10:24 PM
    Friday, July 02, 2010 10:23 PM

All replies

  • The default ChunkedCookieHandler will split the token into chunks of 2000 characters. Is the problem the toal size of the chunks or an individual chunk.

    You can set the individual size with the configuration below.

       <federatedAuthentication>
        <cookieHandler>
         <chunkedCookieHandler chunkSize="2000"/>
        </cookieHandler>
       </federatedAuthentication>
    

     

    Friday, July 02, 2010 3:18 AM
  • The web server / S.A.M. sends back 3 W.I.F. cookies totaling 5840 bytes.

    Safari only sends 2 cookies back on subsequent requests totaling 4000 bytes.  So it appears the problem is that safari takes a dump when the total size of all cookies is over 4000 bytes.  This would indicate that the problem is a total size issue.

     

    W.I.F. cookies from SAM / server response

    Set-Cookie: Zfp=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U2VjdXJpdHlDb250ZXh0VG9rZW4gcDE6SWQ9Il8wN2RmMjhhMC0zNzAxLTQ3NTQtOGUxMy1jY2M3NDcyYTc2MTAtRUQzNEMzNEQxMDUwODYxMDRENDAxQ0JENTNGOTA3MzAiIHhtbG5zOnAxPSJodHRwOi8vZG9jcy5vYXNpcy1vcGVuLm9yZy93c3MvMjAwNC8wMS9vYXNpcy0yMDA0MDEtd3NzLXdzc2VjdXJpdHktdXRpbGl0eS0xLjAueHNkIiB4bWxucz0iaHR0cDovL2RvY3Mub2FzaXMtb3Blbi5vcmcvd3Mtc3gvd3Mtc2VjdXJlY29udmVyc2F0aW9uLzIwMDUxMiI+PElkZW50aWZpZXI+dXJuOnV1aWQ6N2ViZmYwNGYtNjg4OS00ZTE3LWExMTMtMjU0MDFhOGY0Y2M3PC9JZGVudGlmaWVyPjxJbnN0YW5jZT51cm46dXVpZDpjYTk5OTQwYi1jNzQyLTRhNGUtYmYwMy00MTExNzJlZDI2Zjc8L0luc3RhbmNlPjxDb29raWUgeG1sbnM9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwNi8wNS9zZWN1cml0eSI+NmxlV2FxUkJzTDJZUVp3UWJjeFJxTVBCNjZwVVN6bVR1SDdCdGREL1JJMGREYmlqQmhSRU9mRkVyY29TdGd6d1AwMzRqMjk3VEp1UUxvL0lEUFhQVi9FZzRQejlrTFVBTHE5bm9ZMGtRTWI4d09NNmE2aFJzbng2L0NTS2FyREM2SzgwUDk1a283a3FLQ1NKUm41MWhqZDdMU00vYTBmUVhaSUZEZng2NkRWblpvNGVsdGNwL0lzNndUNnRwd2YzcXNDNzFkTUlJbW9TNjlpZXV6Z3RnQUwwQmpPMzRsVlRTaHk0Qk53MGJMdmNsUThtek5qa1JISjg3cFRMSmQzNXl3cnpTeEl1bWRIZk9CL3ZKTGo5Q2FoaTFQRm9QcmkzZjFZa1FKQnZrYUllcHd6cUNKWWlZYWE4THFXUWN4Y0VBY1hvMkFZaVh2a21mT3BBTmpSeHFFdW9kQUsxOThhelRubFhUR210TE5qR3dUamM2OElSWWQ2WjdpWHVsNmJPSEViSjJYaERTeDYxUTdpUjlJNHJlZ3BZNHlJdnRWdVhwVDlUcTYyVndJbHVnQzVDcTJMMnQyeTQ5bGZOMjZ4NVZQZ1VoVUFteDJsOWsweEJWaFpGUlVTeHRIWkFhMy9MNUVKblUvN2drODVmd2lKTHpjOW43VEJmZ3dYbmJHa2JVV0lGQmFEVTJmNmN5WlhXaCtWSzZ5TFNhSDU4enpnOFdXT1BHSFE2V1VqV3JTeVdONzRtVmMreDZTLzQrS3Ixd2cwK0NUbmJvSGp5N2R5ekdjYmZMbGh2V2xCNnNsZlhBeGpRZkRvK3MyeDJkb3BWbklSSFplYlNBbUhObWtxYWNEYndxclB0cmY3eXhGbEp4dEV6bDVpeDRHYmtVSk5pbGx3azl2ZFpsdDdsYWFKNkx0RU85VVE0bE5leERHSW05NXg0aCtFRXpqWm8vdG5qMHg3OEJlZFRRM2h0Q3BWQ1hoa1VDKytkdmF1MzJYc3BVSEdaZlZMYnhENk4wWGwzelVXMmJta0ltMEVjQXVGZ3ZUaFBGZEJWeGF0aVhOVEVTK1RxdkFJVWorNUJyMzNJUko3UnNFOWRvWkljRWVuc0Y4K1MvUFM5ODJza1ZNUjNQSFZhd09wZFJxRm5Xejc1RDJZU2VTaTFGcnQvVnJVZE9KVEx4QjRFT3BmcFFjbndodWV3cXRNZTYxTGZjbCtaZEViL3ZtZjd0NXYyZGFwVmxrVHl1SVdhTGt2bnBwUUpqSHRENDZSVTRQRU84NmtXVkU4dDZZeUJZemJ0N0R5VSs2aU9RQllpN1NpaUVnNzI0; path=/; HttpOnly

    Set-Cookie: Zfp1=aS9RcUZjUlZWR21JOUxwMXNaQXBvUWVBR0JyRVArQ1NiWUxLaTlZNnNqZkRJekpWbGhlVWdUQ0dUaFNzOStXSnZqZXcrVXZJRmliVitxaVJXUnI4VlhucWd3ckhZOFlpQnpuVmlCcDB5RlNjeWp3SU14SjlmcG1id1VxdUR4U2RXcitOSGxwTWJNV3dvdnVXTjNvVUpvQklUdytlRXgwWHdQRGVRVFRlaFNvS1JhcG1XRVNKVlJ1b3NkbW9DanNiQjNVWldRL0JkK0ZBRk10TVdUL2ZvaGtDa3pvUkNkL3Y4Q2N4Yk9nRHRvTzI4ejFXQ3NKQ0xDWnlaNDRyS216aXF3M0FTbFFJMlVoYVZCSFlYdENpVWZSTWt4b0g1czdmbEJMa0drc0NhMkJpb0dESStsa2I4aEI5TE1OUXYzNmI3MHdzMGFJUnNJSFpHSVFhOStMbnpkQmFxblVUU0ozMDdKYWcrSXhqb3RUVmxHblBrVkRtVjB2UGtDWmt0TXcvRU02bG9xTVNtUzZqVGkvOU02YUtVdStMY1Z6S3hqV3lmc2o2T2NzMUUweWFHdHplYlU3WG5lMDBJTTR1b2s0UzRWcml3czh3L2E4UUhsR1pnb3NYc1hCQVUvaktvNHFzak1QZm1SQkw2THZ0NFAxbWkrZENlSWN0RXl3ZldKN2pjSmlieEFVa3pwK25XSndKZWxSVlFDNmJlR3FjVWFLTkgzNzVGWnZOK1QvcmxlK3FUL1ZudjlxQ0F2R241emxqa0lzY0pnMFo4NUxUajErTmpyR29Qd2NsK3lja3IrQmw4N1VaRDh3MXN6VlB1UCtjOVljZUU5TGtVbWxWSy9maHRFMlJWYXRoUW1LcFZmV3RkcnZxaC9aMlRFa2FDUDZZV21OT1k3STczVjZjZjUzY1hPWFVvS3VCQ1FMY0lvSkVCendXYldXWlpKRDZWbFhPcVhpdXRCU3J6RDdrNHpzaDBwTTJvcFZjOFpMaGxOVFNSYlJFdGNubmhwQmhCSzhTbVBucjM1SmI0cENWWkJBMCtpRjZOSzBBeU9vS1ZKcTl2V0pBbVNNOGVlQnE5UDF0MVlKb2tKSDZsZFNCNFR6V1hBcXJhS2I1dVpsYjNTQmdOekUrbFdtMStZZm1LR3VwQVJsSlc0VllZUDFvNE1HUXVINmdrYnptZ2F3cXlxSFVjUXkxa0hxMHJaVzlMc2U3WlpMcHBNbVZKVlhoQmdCNnMzTEQxNWxWOHU3TXFLWUw1NDhRT0VkR25BTVJQakFHR24vZ1dudTlrcFdpTlZzNlk5akwrVHRNR0RGMGt0cEhYTWgzVERQQjdWUUE5dDkxdDY1RTMrRmlUakxZanhPN3lrWGRmMUM0bkFUSEdQYzkrbkR0UnhsVDVvcllzZEF3RVR6dzM2d3ZQZmVJQWJ5R2krcTN1alZoWmd0dlFPaTBCSVhtK09iSzNxM2xFbUJtL3cvUVVXaFZkQ2dKT3lwcUY3WlBIS3kyYUFObjhBSWVUbjNZSnpRWGZzb2xoZU03RVN2L2owSkxSNk1CR2hvR0cyN1VQRWRsZldjZi9CLzR2bEhLQnZMZy9ZaEJvQk5LT3V6Vi8vQ2ZuUXJWZ2grWE5IZnArZW9PcllpY3ZCVVR1NFh1czc5amloaGRLWFMybzNIVnFBL1pEMThMSzRFUFZtVkd0VFBjSDRSOFQzWVhvZXRzRUdod3R6T3BveUlJRXA4RGRaQW9XbVI5WStsZk9SNzlZbkcxWTZla3ZUT1V3QTl6WEVBWC95RXNBU25SQi9ZdGkxSjNVZWdOeVdKNUtjK0p2R3pMMWJweEVtRnZFd3RHa2k3OWtrbzNTQnZCd2RKck14amtDZEVZNUtEQ2NaWGdrNHc5d0p3cGtBVDExZzdLaGVrNkhBb3hmWUI5a2hPbThpaWM5NWxWYmR3eUUxRnZHYU5XUlQ1RFJ3Z0xrMlp5M0dVaFk5K3QvaWpyQlF4MThuajJHNWI1; path=/; HttpOnly

    Set-Cookie: Zfp2=YTVoeE8rak9BQ3lwTjRKdWZrbGhOdnNOcUJ1aEdtNGpyQ3FNN0hMN0lHVHpEWi8yeENBWCtUVDgzV2diaTM4R0tQdlcxMk00NnUydEMxczhSVDF2MWE3dVNka2pzNUFpb0NidlRQWlFZaU4zL1MxWTBDVERvVlMzZlFoUUltdVN0RGVFa0RHQzNpZXhBWWtSMWJkTW5CYXJGb013OVd6ZkQxZzA4cTZFbDYwSEFCMStVRkJnZE5pZy92bzNQSUl4aGxQUHhDTlpKd0lYNGhpZkJCOTQyNFIwL2VtZXBZcy9DbTFmTGk0M0t1L0U4aW5HV2x1VmxYckVVcnA2OVJEMVBmS05LSFhMVXJIN081YzNVbTk3OC8xdXFUMHNXZzNndnJpaFFxVXFwOFpjWWp4YjZSaDFYMkIzZ3lpbkFkNmJuY3dGTVVoME5VSnBVVzFwdEFZVFVmUWdCQURod3hvTWFkTGdHd2xTMHo0YmtNZENnRmozUzRsN3RYeGJwNVM2NVJqdUgwWTloM0dETmJNZnlDYkpXNzVMUm9sUDNwNHJsSU4xUldLMTNENnUvY0ppNDQ5OURSV1YxdktaaVhoK1kyNzI3YW5OOHhka2dvVWVja0RQK0lVSWQrN0pPRWFIMnM1eDVxYXV0OEh0UWdqTHkzRkp3U3JPaUtEeWJGZDNPdjROemQzNlliUFFJelM3eVBmR2tYeUxaVEQrOHZnY3VGcG15Q0tIRjJNbHdwL2dLUlhpYlBHeGlPSUNzNzlMK2VsNGxsTCtRSTBwVUI3OG1Ia3hnTy82cVpiempzMEFCaFNHK3M3UG0yRitNL0NETnhPLzlnU1FwTHhjbmJzS1RrQS85Sng3WXJrdkVNMW8xbERQTUZrYXJVT2hnNk5Qc0xhaWJKVWJDVmtJbXljZ2U1Ym5Na0U4SWJRaGNRV2NmWTBjYXBKaGN5SEoxNE8wQXZYaDl4d25hcEdLRWs2OXVONFA0VUtJTEh1ZGNPRUtHUmt4N1ZGSjJMMzNpUUZhZmFSRTNkejhnQkgrdzZzS1QrSUxVS2xVWmNhUW9LeHQzRlpoN2h4NDdtd1hTVVZST3MwU3dRM2ZpY21Mc2NrY2t6RWdET3JIajhBa2x4ejM5S0FoNUh3aTJFbUVKSVNkS0tEcjZtS0k1OW93bExwWHk5ZHpDSGJ1UndmVVdEejRKOE5KWUducUJWWkNNcFVTaENDeWwzclZySWZaVWx3a2pSYldhdjNBb0ZiM0JnUldXdXNaaCtETUE4ZC9hckN0eUZBNjE2dFRsV0ZiOC9NbSs2ZmZkSUpxR1dtallZdzRPRzY3SGExODRzYlJjRlZlRUtEWDBxMHVPbkdubnZxMzZWejI5Q0FUVmQ1ZTZpRXJtV1Q2K3dUTU9NYWFDSEwvR2wzWDVKcCs1NEJHWElFekVCR2JCRnBEc1FkbzJYclNrdnJuMCtwVHVZTXN0a0l2OWpwSGUvd3JSUHl0V0p3b2paRmFmdFA5aUxvNHRSWmxUaXVkelBMbmo1RVJKT0ovemkvYVEzVXNNdjVxREYwQ1R1ZytYYTkxQnlwMTZyNml1YXpZZ01icjNZSlpLV1BxYTk5YnVjdUVqSnd2WnhHMlorc1B3dHl3M3BHOU8wUzhYcWVUOGFlRmV5dFdaYXhURHFseVRCdVJhcE9uQU13ZENsU0tkd2w0dUYwb0habFcxeWtsaENwNXlhU1NGUllnZEVKY1JVSTd1NHI3MW4xbWkwT0VSckhPMFQ2NnFvVW0vTTkzQU5jWEU5TjFBODd4ck1QPC9Db29raWU+PC9TZWN1cml0eUNvbnRleHRUb2tlbj4=; path=/; HttpOnly

     

    safari cookies sent in on subsequent requests

    Zfp=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U2VjdXJpdHlDb250ZXh0VG9rZW4gcDE6SWQ9Il8wN2RmMjhhMC0zNzAxLTQ3NTQtOGUxMy1jY2M3NDcyYTc2MTAtRUQzNEMzNEQxMDUwODYxMDRENDAxQ0JENTNGOTA3MzAiIHhtbG5zOnAxPSJodHRwOi8vZG9jcy5vYXNpcy1vcGVuLm9yZy93c3MvMjAwNC8wMS9vYXNpcy0yMDA0MDEtd3NzLXdzc2VjdXJpdHktdXRpbGl0eS0xLjAueHNkIiB4bWxucz0iaHR0cDovL2RvY3Mub2FzaXMtb3Blbi5vcmcvd3Mtc3gvd3Mtc2VjdXJlY29udmVyc2F0aW9uLzIwMDUxMiI+PElkZW50aWZpZXI+dXJuOnV1aWQ6N2ViZmYwNGYtNjg4OS00ZTE3LWExMTMtMjU0MDFhOGY0Y2M3PC9JZGVudGlmaWVyPjxJbnN0YW5jZT51cm46dXVpZDpjYTk5OTQwYi1jNzQyLTRhNGUtYmYwMy00MTExNzJlZDI2Zjc8L0luc3RhbmNlPjxDb29raWUgeG1sbnM9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwNi8wNS9zZWN1cml0eSI+NmxlV2FxUkJzTDJZUVp3UWJjeFJxTVBCNjZwVVN6bVR1SDdCdGREL1JJMGREYmlqQmhSRU9mRkVyY29TdGd6d1AwMzRqMjk3VEp1UUxvL0lEUFhQVi9FZzRQejlrTFVBTHE5bm9ZMGtRTWI4d09NNmE2aFJzbng2L0NTS2FyREM2SzgwUDk1a283a3FLQ1NKUm41MWhqZDdMU00vYTBmUVhaSUZEZng2NkRWblpvNGVsdGNwL0lzNndUNnRwd2YzcXNDNzFkTUlJbW9TNjlpZXV6Z3RnQUwwQmpPMzRsVlRTaHk0Qk53MGJMdmNsUThtek5qa1JISjg3cFRMSmQzNXl3cnpTeEl1bWRIZk9CL3ZKTGo5Q2FoaTFQRm9QcmkzZjFZa1FKQnZrYUllcHd6cUNKWWlZYWE4THFXUWN4Y0VBY1hvMkFZaVh2a21mT3BBTmpSeHFFdW9kQUsxOThhelRubFhUR210TE5qR3dUamM2OElSWWQ2WjdpWHVsNmJPSEViSjJYaERTeDYxUTdpUjlJNHJlZ3BZNHlJdnRWdVhwVDlUcTYyVndJbHVnQzVDcTJMMnQyeTQ5bGZOMjZ4NVZQZ1VoVUFteDJsOWsweEJWaFpGUlVTeHRIWkFhMy9MNUVKblUvN2drODVmd2lKTHpjOW43VEJmZ3dYbmJHa2JVV0lGQmFEVTJmNmN5WlhXaCtWSzZ5TFNhSDU4enpnOFdXT1BHSFE2V1VqV3JTeVdONzRtVmMreDZTLzQrS3Ixd2cwK0NUbmJvSGp5N2R5ekdjYmZMbGh2V2xCNnNsZlhBeGpRZkRvK3MyeDJkb3BWbklSSFplYlNBbUhObWtxYWNEYndxclB0cmY3eXhGbEp4dEV6bDVpeDRHYmtVSk5pbGx3azl2ZFpsdDdsYWFKNkx0RU85VVE0bE5leERHSW05NXg0aCtFRXpqWm8vdG5qMHg3OEJlZFRRM2h0Q3BWQ1hoa1VDKytkdmF1MzJYc3BVSEdaZlZMYnhENk4wWGwzelVXMmJta0ltMEVjQXVGZ3ZUaFBGZEJWeGF0aVhOVEVTK1RxdkFJVWorNUJyMzNJUko3UnNFOWRvWkljRWVuc0Y4K1MvUFM5ODJza1ZNUjNQSFZhd09wZFJxRm5Xejc1RDJZU2VTaTFGcnQvVnJVZE9KVEx4QjRFT3BmcFFjbndodWV3cXRNZTYxTGZjbCtaZEViL3ZtZjd0NXYyZGFwVmxrVHl1SVdhTGt2bnBwUUpqSHRENDZSVTRQRU84NmtXVkU4dDZZeUJZemJ0N0R5VSs2aU9RQllpN1NpaUVnNzI0; 

    Zfp1=aS9RcUZjUlZWR21JOUxwMXNaQXBvUWVBR0JyRVArQ1NiWUxLaTlZNnNqZkRJekpWbGhlVWdUQ0dUaFNzOStXSnZqZXcrVXZJRmliVitxaVJXUnI4VlhucWd3ckhZOFlpQnpuVmlCcDB5RlNjeWp3SU14SjlmcG1id1VxdUR4U2RXcitOSGxwTWJNV3dvdnVXTjNvVUpvQklUdytlRXgwWHdQRGVRVFRlaFNvS1JhcG1XRVNKVlJ1b3NkbW9DanNiQjNVWldRL0JkK0ZBRk10TVdUL2ZvaGtDa3pvUkNkL3Y4Q2N4Yk9nRHRvTzI4ejFXQ3NKQ0xDWnlaNDRyS216aXF3M0FTbFFJMlVoYVZCSFlYdENpVWZSTWt4b0g1czdmbEJMa0drc0NhMkJpb0dESStsa2I4aEI5TE1OUXYzNmI3MHdzMGFJUnNJSFpHSVFhOStMbnpkQmFxblVUU0ozMDdKYWcrSXhqb3RUVmxHblBrVkRtVjB2UGtDWmt0TXcvRU02bG9xTVNtUzZqVGkvOU02YUtVdStMY1Z6S3hqV3lmc2o2T2NzMUUweWFHdHplYlU3WG5lMDBJTTR1b2s0UzRWcml3czh3L2E4UUhsR1pnb3NYc1hCQVUvaktvNHFzak1QZm1SQkw2THZ0NFAxbWkrZENlSWN0RXl3ZldKN2pjSmlieEFVa3pwK25XSndKZWxSVlFDNmJlR3FjVWFLTkgzNzVGWnZOK1QvcmxlK3FUL1ZudjlxQ0F2R241emxqa0lzY0pnMFo4NUxUajErTmpyR29Qd2NsK3lja3IrQmw4N1VaRDh3MXN6VlB1UCtjOVljZUU5TGtVbWxWSy9maHRFMlJWYXRoUW1LcFZmV3RkcnZxaC9aMlRFa2FDUDZZV21OT1k3STczVjZjZjUzY1hPWFVvS3VCQ1FMY0lvSkVCendXYldXWlpKRDZWbFhPcVhpdXRCU3J6RDdrNHpzaDBwTTJvcFZjOFpMaGxOVFNSYlJFdGNubmhwQmhCSzhTbVBucjM1SmI0cENWWkJBMCtpRjZOSzBBeU9vS1ZKcTl2V0pBbVNNOGVlQnE5UDF0MVlKb2tKSDZsZFNCNFR6V1hBcXJhS2I1dVpsYjNTQmdOekUrbFdtMStZZm1LR3VwQVJsSlc0VllZUDFvNE1HUXVINmdrYnptZ2F3cXlxSFVjUXkxa0hxMHJaVzlMc2U3WlpMcHBNbVZKVlhoQmdCNnMzTEQxNWxWOHU3TXFLWUw1NDhRT0VkR25BTVJQakFHR24vZ1dudTlrcFdpTlZzNlk5akwrVHRNR0RGMGt0cEhYTWgzVERQQjdWUUE5dDkxdDY1RTMrRmlUakxZanhPN3lrWGRmMUM0bkFUSEdQYzkrbkR0UnhsVDVvcllzZEF3RVR6dzM2d3ZQZmVJQWJ5R2krcTN1alZoWmd0dlFPaTBCSVhtK09iSzNxM2xFbUJtL3cvUVVXaFZkQ2dKT3lwcUY3WlBIS3kyYUFObjhBSWVUbjNZSnpRWGZzb2xoZU03RVN2L2owSkxSNk1CR2hvR0cyN1VQRWRsZldjZi9CLzR2bEhLQnZMZy9ZaEJvQk5LT3V6Vi8vQ2ZuUXJWZ2grWE5IZnArZW9PcllpY3ZCVVR1NFh1czc5amloaGRLWFMybzNIVnFBL1pEMThMSzRFUFZtVkd0VFBjSDRSOFQzWVhvZXRzRUdod3R6T3BveUlJRXA4RGRaQW9XbVI5WStsZk9SNzlZbkcxWTZla3ZUT1V3QTl6WEVBWC95RXNBU25SQi9ZdGkxSjNVZWdOeVdKNUtjK0p2R3pMMWJweEVtRnZFd3RHa2k3OWtrbzNTQnZCd2RKck14amtDZEVZNUtEQ2NaWGdrNHc5d0p3cGtBVDExZzdLaGVrNkhBb3hmWUI5a2hPbThpaWM5NWxWYmR3eUUxRnZHYU5XUlQ1RFJ3Z0xrMlp5M0dVaFk5K3QvaWpyQlF4MThuajJHNWI1;


    Friday, July 02, 2010 3:49 AM
  • Ok, this was a big P.I.T.A but finally have a work around.  I did indeed have to disable save boot strap tokens to get the total cookie size small enough to make safari/opera happy.   THis cut my total cookie size from over 5000 bytes to just a little over 2000 bytes.  Note, the only claims in the boostrap token are two int values. Thats a pretty massive cookie chunk for only two int value claims.   I now manually save the boostrap token by subscribing to the FAM SecurityTokenValidated event and saving the token to SQL.  It would be nice if W.I.F. would check the user-agent when building the session cookie and throw an error if the cookie data is over 4000 bytes and the user agent is safari/opera.

     

     

     

     

    • Marked as answer by scott_m Friday, July 02, 2010 10:24 PM
    Friday, July 02, 2010 10:23 PM