Skip to content

Add cookie chunking support for sessions exceeding 4KB limit #937

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sefasenturk95 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add cookie chunking support for sessions exceeding 4KB limit #937

sefasenturk95 wants to merge 2 commits into from

Conversation

@sefasenturk95
Copy link

@sefasenturk95 sefasenturk95 commented Dec 1, 2025
edited
Loading

This PR adds optional cookie chunking to handle session data that exceeds browser cookie size limits (~4KB). When enabled, large cookies are automatically split into multiple smaller cookies and reconstructed transparently when reading.

Multiple users have reported hitting the 4096-byte cookie size limit with iron-session:

Currently, users hitting this limit must either:

  1. Remove data from their session (not always feasible)
  2. Switch to a different library with external storage (like next-session with Redis)

This PR provides a third option: automatic cookie chunking for moderate-sized sessions that don't warrant the complexity of external storage.

Changes:

  • Added chunking configuration option to SessionOptions interface
  • Implemented splitCookieIntoChunks() for splitting large cookies
  • Implemented reconstructCookie() and reconstructCookieWithStore() for transparent reassembly
  • Updated save() method to handle chunking for both Node.js and CookieStore patterns
  • Updated destroy() method to clean up all chunks

Documentation:

  • Added comprehensive README section explaining the feature
  • Added usage examples for both patterns (req/res and CookieStore)
  • Added FAQ entry: "What if my session data exceeds cookie size limits?"

Testing:

  • Added 6 test cases covering all chunking scenarios

Note: This PR addresses a common pain point while maintaining iron-session's stateless, cookie-based architecture. It's a middle-ground solution between "reduce your data" and "switch to Redis."

@sefasenturk95
Add cookie chunking support for large session data
8741f6f 
This adds optional cookie chunking to handle session data that exceeds
browser cookie size limits (~4KB). When enabled, large cookies are
automatically split into multiple smaller cookies and reconstructed
transparently when reading.

Features:
- Opt-in via chunking config: { enabled: true, chunkSize: 3500 }
- Automatic chunking when session exceeds chunk size
- Transparent reconstruction from chunks on read
- Automatic cleanup of old chunks on save/destroy
- Works with both Node.js req/res and CookieStore patterns
- Backward compatible with existing non-chunked sessions

Chunk naming pattern: {cookieName}.0, {cookieName}.1, etc.

Includes comprehensive test coverage with 6 new test cases.
@vercel
Copy link

vercel bot commented Dec 1, 2025

@sefasenturk95 is attempting to deploy a commit to the Codeagain Team on Vercel.

A member of the Team first needs to authorize it.

@sefasenturk95
Fix TypeScript errors in test file
247968d 
- Add type assertions (as any) to collectAllCookies calls to fix mock type mismatch
- Add non-null assertions for array access in test assertions
- Fixes prepare script errors during npm install
@sefasenturk95
Copy link
Author

sefasenturk95 commented Dec 2, 2025

@vvo could you take a look at this please? :) Thanks in advance!

@sefasenturk95
Copy link
Author

sefasenturk95 commented Dec 7, 2025

@vvo hello? Anyone there? 🙈

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sefasenturk95