User not logged in - session cookie too large?


I am following the authentication tutorial for google app engine/python here: <a href="https://cloud.google.com/python/getting-started/authenticate-users" rel="nofollow">https://cloud.google.com/python/getting-started/authenticate-users</a>

I'm sure I've followed everything correctly, but when I click the login button on the page I am prompted to log in with google but then when redirected back to the page, it shows the user is not logged in.

I have checked the local server and it is saying:

UserWarning: The "session" cookie is too large: the value was 4755 bytes but the header required 26 extra bytes. The final size was 4781 bytes but the limit is 4093 bytes. Browsers may silently ignore cookies larger than this.

I am not 100% sure this is my problem, but it is the only thing that stands out to me. Can anyone please help?


Yes, all data needed to verify the authentication is in the cookie, and you are storing too much info in it.

You can reduce what is stored for the profile, perhaps, in the _request_user_info() hook:

def _request_user_info(credentials): # ... resp, content = http.request( 'https://www.googleapis.com/plus/v1/people/me') # ... session['profile'] = json.loads(content.decode('utf-8'))

Rather than store the <em>whole</em> dictionary, filter the dictionary that json.loads() returns and only retain the profile information your application really needs to have. That, or store this information somewhere else, like in memcached (so retrieve it each time you need it and it is not available in memcached still).

See the <a href="https://developers.google.com/+/web/api/rest/latest/people#resource" rel="nofollow"><em>People resource</em> documentation</a> to see what data is being stored in session['profile'] and pick what you really need. The tutorial, for example, only needs the display name and the image url:

profile = json.loads(content.decode('utf-8')) session['profile'] = {'displayName': profile['displayName'], 'image': profile['image']}


  • installing python igraph anaconda on mac
  • Getting error while running a classification code in keras
  • Can't use matplotlib.use('Agg'), graphs always show on the screen
  • IIS7 Application Request Routing HTTPS
  • something very wrong with SESSIONS
  • Add log separators to all fixtures in unittests
  • Laravel 5.2 Auth::check() on exception pages (layouts)
  • Binary Tree Traversal Sum Of Each Depth
  • Small video playback
  • Selecting a subset of data in ServiceStack.OrmLite
  • Error in installing package: fatal error: stdlib.h: no such file or directory
  • Sending cookie value via httpget but not getting the desired response
  • How to make R's read_csv2() recognise the text characters properly
  • Can I read an iPhone beacon with Windows.Devices.Bluetooth.Advertisement.BluetoothLEManufacturerData
  • TFS 2015 - Waiting for an agent to be requested
  • saving file generated by TCPDF
  • How to view images from protected folder with php?
  • ADO and msqli connections very slow
  • How can I extract results of aggregate queries in slick?
  • Textfile Structure (tables)
  • PHP buffered output depending on server setting?
  • copying resource to sdcard gives a damaged file in android
  • Spark fat jar to run multiple versions on YARN
  • Debugging ASP.NET on a built-in web server suddenly stops
  • Is there any way to access browser form field suggestions from JavaScript?
  • Deselecting radio buttons while keeping the View Model in synch
  • Nant, Vault & Windows Integrated Authentication
  • What is Eclipse's Declaration View used for?
  • Resize panoramic image to fixed size
  • Volusion's generic SQL folder, functionality
  • script to move all files from one location to another location
  • vba code to select only visible cells in specific column except heading
  • 0x202A in filename: Why?
  • InvalidAuthenticityToken between subdomains when logging in with Rails app
  • How do you join a server to an Active Directory (domain)?
  • coudnt use logback because of log4j
  • Are Kotlin's Float, Int etc optimised to built-in types in the JVM? [duplicate]
  • Is it possible to post an object from jquery to bottle.py?
  • How to get NHibernate ISession to cache entity not retrieved by primary key
  • costura.fody for a dll that references another dll