Jump to content

Amount of cookies sent (502 bad gateway)

Recommended Posts


I'm stumped by the amount of cookies Prestashop seems to send to the user on authentication. It's so much that it exceeds our proxy limit, which results in a 502 bad gateway error. Our webhost has increased this limit in the past, which worked for a while, but since then the cookie size seems to have grown even more. I feel this is very unnecessary. Cookies should be used to identify the user, not as a session cache. Prestashop is a wonderful package, but this will steer a significant amount of potential users away. The fact that Apache allows for an unlimited cookie size isn't necessarily a good thing.

So, my question is: why is this and how can we get Prestashop to use smaller/less cookies?


Share this post

Link to post
Share on other sites

That's right. Apache allows for an unlimited cookie size. Do mind that that's not how it should be. In the new way of hosting your websites, many servers are behind proxies and load balancers. Those often don't allow for an unlimited cookie size. Also, some web browsers appear to block cookies that exceed a certain size. It won't be 5kB, but it's not a lot. nginx is a more than fine web server and should be taken into consideration. It's a very important reason not to choose Prestashop, but apart from that, it's not needed for the cookies to grow this big.

A cookie should be used to identify the user. You use some kind of mechanism to link the user's system to a certain user (or customer in this case) in your database and get the actual values from there. What Prestashop does is set all kinds of user information in the cookie after logging in. That might be easy from a developer's point of view (although I sincerely doubt this), but it's bad practice. I develop web applications for a living and we also use cookies. We even use cookies to remember exactly where a user has been at any given time while visiting these web applications. However, these cookies rarely get bigger than 150 Bytes. All customer information is already saved in the database, so saving them in a cookie shouldn't be needed.

Even if the reason for this is some kind of caching mechanism, there are much better ways to set up a session cache or even page caching.

Prestashop is a wonderful package in many other ways, but this one thing makes it unusable for quite some potential users. And maybe even for their potential customers, which is even more important. I hope it can be fixed, it shouldn't be too hard and I'd even want to contribute if needed.

Share this post

Link to post
Share on other sites

Actually, I absolutely agree with you. But since prestashop meets the requirements that i want from an e-commerce platform, I don't wanna wait any longer to use it for my online store :)

I realize that this should be a big issue, and I hope the Presta Team and the community could fix this problem a.s.a.p.

Share this post

Link to post
Share on other sites

  • 2 weeks later...

A little on the safe side, but try to increase the cookie size in nginx:

server {
listen 80;
server_name yourdomain.com;
client_header_buffer_size 16k;
large_client_header_buffers 16 16k;

location / {

restart nginx, clear cookies and try it again.

Share this post

Link to post
Share on other sites

  • 3 weeks later...

Hi everyone!

First of all I'd like to correct something:

What Prestashop does is set all kinds of user information in the cookie after logging in.

I'm very interested on where inside the PrestaShop source code you find out that.

Since the PrestaShop source code is open, you can see by yourself that we only store I'd say 5 values maximum simultanously inside the user cookie. Which are indeed the PrestaShop customer ID, its cart ID and some other primary data IDs.

Secondly, if the PrestaShop cookie is "that big" it is because it is encrypted (via the blowfish algorithm) for security reasons and therefore bigger than the few bytes required by those five values.

If you want to remove this cookie encryption (that will for sure reduce significantly its size) and let your customer bypass the authentication process by changing their customer ID (taking other ones or even the merchant one), you're welcome. The source code is available, you can change it by yourself.

But the official code source is secure and therefore technically need a big cookie.

Share this post

Link to post
Share on other sites

  • 4 weeks later...

I installed Prestashop today, impressed so far and it's running very quickly on nginx.

Experiencing this issue I had a poke around the interwebs. Some searching uncovered a post on the nginx forums regarding the large cookie issue & fast cgi.

NGINX Forum Max Header Length

I added the suggested values to the vhost file in my sites_available and it seems to have resolved the issue.

I may try and reduce them to find the sweetspot between header size and server speed but for now, it's a working resolution.


Share this post

Link to post
Share on other sites

  • 4 months later...
  • 2 years later...

Hi PrestaShop!


The problem solve:

 * Login to the your server panel (sample: plesk)

 * Open the page: Tools & Settings

 * Click the button: Services Management

 * ReStart => Reverse Proxy Server (nginx) and again test

   ______|| OR ||______

   Stop => Reverse Proxy Server (nginx) and again test


Source: click.


Good work!

Share this post

Link to post
Share on other sites


  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More