Re: 404 Cookie Too Large Error - Cause and Solution?

AlexisHughes · ‎11-13-2023

Hi everyone:
Reaching out for support with a sudden intermittent issue with receiving 400 Bad Request - Cookie Size Too Large errors.

What's happened:

Over the past few weeks, a few internal high-frequency users and a few clients reported clicking a link in a Marketo email and being driven to a 404 Cookie Size Too Large error page in their browser.
- Links included pages hosted by Marketo (travel.fourseasons.com, view in browser link, Travel Pro Education)
- Links include pages that are not hosted on Marketo (fourseasons.com, preferredpartners.fourseasons.com)
- Some users tried to view the Marketo forms embedded on fourseasons.com and our Marketo landing pages and could not load the forms (example pages: https://www.fourseasons.com/meetings-and-events/newsletter/subscribe/Subscribe, https://travel.fourseasons.com/tpac2023.html)
If the user clears their cookies/cache, the issue is resolved. A simple solution, but would still like to understand the sudden issue and how widespread?
Our Marketo partners and Marketo Engineering (Tier 3 support) are still investigating the cause and the best solution 2+ weeks later. At first, none of their team could reproduce the issue, so it seems to only affect users who have been very active and accumulating a large amount of information in their cookie. They are exploring multiple potential causes both on their side (a limit to cookie size that they can increase to let users through?) and our side (is there a really large cookie on our site?).
Right now, there is no conclusive direction. We use OneTrust for cookie consent. The issue is difficult to reproduce, because once you clear your cookies, the issue is resolved. Our website seems to be functioning as usual. There have been no recent changes to our Marketo email operations or assets.
Our concern: we want to avoid sending an email to a large audience and having multiple important clients report 404 error pages.

Any ideas?

SanfordWhiteman · ‎11-13-2023

It’s weird to point the finger at Marketo here, when by your own admission it affects pages under your parent domain (fourseasons.com) which can all set 1st-party cookies!

Marketo’s servers have a max Cookie: header size of ~8000 bytes. That header includes all cookies set by all servers who are permitted to set cookies at the parent fourseasons.com. Any JS running on those servers can set a cookie at fourseasons.com, be it analytics JS, ad JS, or any other code.

What you really need is a snapshot of the whole document.cookie value (in Dev Tools » Console) at the time it fails. Simple as that. That’ll show you which individual cookie(s) were giant enough to put you over the limit. I highly doubt those cookies were set by Marketo JS libraries or Marketo webservers.

AlexisHughes · ‎11-14-2023

Thanks, Sanford. I have my web team involved too, but they're not able to reproduce yet. I'll send them your advice above, and as soon as we receive the error again, we can investigate with these steps.