400 Bad Request - Error Message Troubleshooting
What
If you are a Google Chrome user, you might have received the following “400 Bad Request” error message from our ticketing portal and/or some other PennKey-protected systems.
The UPenn Information Systems & Computing (ISC) team has not identified the root cause, but they identified that the indirect cause is an overaccumulation of client-side cookies within the browser across 3 sites:
-
The Duo Security site - the two-step verification app
-
The relying party site(s) - such as GSE-IT ticketing portal, PennBox, or Path@Penn
-
The SSO IdP - PennKey login page
Why
This error message happens when the browser does not properly dispose of expired cookies. When the cookies are not disposed of, they will all be sent to either duosecurity.com (during a 2FA challenge) or when being redirected back to a service, and once the cookie names+values (and they are very long values) exceed the web server limits for request length, they will return the Bad Request – request too large error.
Unfortunately, this is not something that can be fixed within the Penn SSO service or that the SSO service is a cause directly.
How to Resolve
Option 1:
Switch to a different web browser such as FireFox when using PennKey-protected systems at Penn.
Option 2:
Clear the specific website cookies (not the browser) when encountering this error message. You might need to repeat the steps periodically due to the overaccumulation of expired cookies.
Step 1: Load the site from which you want to clear cookies and cache in Google Chrome and click on the toggle-settings icon in the left corner of the address bar.
Step 2: From the pop-up modal, click on Site settings.
Chrome will load a new table listing site-related usage data and permissions.
Step 3: Click on the Delete data button under the Usage section.
Step 4: In the prompt, select the Delete button.
That’s it. Chrome will immediately clear the cookies and cache for the site. Once you refresh the website, it will only load fresh site cookies and data.