very interesting read: http://homakov.blogspot.de/2014/01/cookie-bomb-or-lets-break-internet.html
from the blogpost:
"TL;DR I can craft a page "polluting" CDNs, blogging platforms and other major networks with my cookies. Your browser will keep sending those cookies and servers will reject the requests, because Cookie header will be very long. The entire Internet will look down to you.
I have no idea if it's a known trick, but I believe it should be fixed. Severity: depends. I checked only with Chrome.
We all know a cookie can only contain 4k of data.
How many cookies can I create? **Many!**
What cookies is browser going to send with every request? **All of them!**
How do servers usually react if the request is too long? **They don't respond**
"
I checked it, and it works; I get the following error back:
400 Bad Request
Request Header Or Cookie Too Large
My question: is there a generic way to check the size of such headers, like cookies etc.,
and to cut them off, or should we live with such malicious intent?
regards,
mex
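
An added example, not part of the original post or the quoted blog: one way to measure a Cookie request header and cut it down to a byte budget, keeping the cookies the application needs. It assumes the check runs in a layer that still accepts the oversized header (for instance a front proxy or filter ahead of the server that returns the 400); the 8192-byte budget, the `session` allowlist and the sample header are constructed for illustration.

```python
MAX_COOKIE_BYTES = 8192  # assumed budget; keep it below your server's header limit
KEEP = {"session"}       # hypothetical allowlist of cookies the application needs


def parse_cookie_header(value):
    """Split a Cookie header value into (name, value) pairs in original order."""
    pairs = []
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            pairs.append((name.strip(), val))
    return pairs


def trim_cookie_header(value, keep=KEEP, max_bytes=MAX_COOKIE_BYTES):
    """Return (header, dropped_names); headers within budget pass unchanged."""
    if len(value.encode("utf-8")) <= max_bytes:
        return value, []
    pairs = parse_cookie_header(value)
    # Allowlisted cookies claim space first, then the rest in arrival order.
    order = sorted(range(len(pairs)), key=lambda i: pairs[i][0] not in keep)
    chosen, size = set(), 0
    for i in order:
        name, val = pairs[i]
        # Each cookie after the first also costs the "; " separator.
        cost = len(f"{name}={val}".encode("utf-8")) + (2 if chosen else 0)
        if size + cost <= max_bytes:
            chosen.add(i)
            size += cost
    header = "; ".join(f"{n}={v}" for i, (n, v) in enumerate(pairs) if i in chosen)
    dropped = [n for i, (n, _) in enumerate(pairs) if i not in chosen]
    return header, dropped


def sample_header():
    """Constructed input: three 3000-byte filler cookies ahead of a real one."""
    filler = [f"bomb{i}=" + "A" * 3000 for i in range(3)]
    return "; ".join(filler + ["session=abc123"])


if __name__ == "__main__":
    raw = sample_header()
    trimmed, dropped = trim_cookie_header(raw)
    print(len(raw), "->", len(trimmed), "bytes; dropped:", dropped)
```

The list of dropped names is worth logging: a sudden run of large, unknown cookie names on one client is the signature of the pollution the blog post describes.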