I am running a serverless .net core website hosted as a serverless lambda function exposed via API Gateway.
Over the past year I have randomly hit this issue where, during a session a user will get the error;
HTTP header is larger than 10240 bytes.
We are hitting an AWS API Gateway limit. API Gateway has an unadjustable limit.
10240 bytes on the total combined size of all header values.
The problem is that the .net core website, stores a number of cookies like;
I was also adding my own custom cookies to support storage of some minor session state, which in a serverless solution you cannot store in any kind of local cache or in memory (would need to use a distributed cache).
All in all depending on what asp.net core was doing the size of the headers was going above the 10240 limit.
A solution of sorts
The only way around this is to try and reduce the size of the payload in the header. These are some of the solutions I used;
- Jwt token claims – I remove all unused claims off the token so that we only store those that we actually need.
- reduced the length of the key names.
- limit the size of the data being stored
- Enable compression
This gets me to around 9,000 bytes, with a little bit of head room.
The actual solution
The real solution, it turns out is to bypass the API Gateway.
Open the Lambda Entry point and you will see that there is generally a block of commented code for the various classes that the startup class can inherit from.
You will need to do the following;
- Setup a load balancer
- Setup a trigger on the lambda to be triggered from the Load Balancer
- Update the LambdaEntryPoint class and choose to inherit from
- Build and deploy your lambda
- Reconnect your domain name to point to the ALB not the API Gateway CloudFrontstack
This will bypass the API Gateway and your problem is solved.