My immediate concern on reviewing the patches is that they are neither necessary nor sufficient to address the issue: Instead of looking at the token size, we should look at the overall request size, as you can stuff any cookie to blow out the memory. The Token should not be getting logged anywhere, so it should not be an issue in filling up logs.
My immediate concern on reviewing the patches is that they are neither necessary nor sufficient to address the issue: Instead of looking at the token size, we should look at the overall request size, as you can stuff any cookie to blow out the memory. The Token should not be getting logged anywhere, so it should not be an issue in filling up logs.