Make WordPress Core

Opened 3 years ago

Last modified 2 years ago

#54246 new defect (bug)

wp_logout sometimes causes 'upstream sent too big header'

Reported by: erikdemarco's profile erikdemarco Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: needs-testing-info
Focuses: Cc:


I'm using nginx as a proxy for my wp.

By default setting for 'fastcgi_buffer_size' is set to 4k.

If you do a headers_list() during wp_logout. you will see the size is almost 3k.

So if we combine this wp_logout with other hook which also sets couple headers. Sometimes this 4k limit reached and blowing out the buffer and resulting in a HTTP 500 error. The fix is to increase the 'fastcgi_buffer_size' setting. But increasing this setting will cause unnessasary memory usage for regular use.

So Its recommended to decrease this huge list of setcookie especially each of this is so long.

Change History (5)

#1 @costdev
3 years ago

Hi @erikdemarco, thanks for opening this ticket!

As a reference for others reading this ticket, setcookie() calls related to this ticket occur in wp_clear_auth_cookie()Docs which is called by wp_logout()Docs.

This ticket was mentioned in Slack in #core-test by boniu91. View the logs.

2 years ago

#3 @Boniu91
2 years ago

  • Keywords needs-testing-info added

Hello @erikdemarco could you provide us with the exact code that is used to reproduce this issue?

It'll be easier for the Test team to use the same code as you do.

#4 @erikdemarco
2 years ago

@Boniu91 Hi, Its hard to reproduce. It really depends on how big is the response header. For me usually its because of the cookie is too big so it will overload default nginx buffer which is only 4K.

That time i forget what is my setup. But today I got this error again so I remembered this ticket.
Currently I retested it again with default nginx, WordPress 5.8.2, Woocommerce 5.9.0, Query Monitor 3.7.1 , and a payment gateway plugin from

As soon as you want to setup the payment gateway from woocommerce payment settings, you will get 500 error because of too big header.

For example like this cookie, the longest value is mostly from wordpress:

wordpress_sec_005230f14b0807e14bdbdr34r3rfde5794a=admin|1638892064|oujXtnEdAiDYYA1y8aTOJSNIkGsPlRVS1TbW8HxtoOR|ec30d6708fed7abcc74e2c2e4bface5c4de32145e23d533171879bd16fe144b4; wordpress_test_cookie=WP Cookie check; wordpress_logged_in_005230f14t34t43t3t43e0b25794a=admin|1638892064|oujXtnEdAiDYYA1y8aTOJSNIkGsPlRVS1TbW8HxtoOR|8070a9a06aa1669555c11558091c96d719c8987e0119c89b95183a8606a17f69; tk_ai=woo:WbWAnW5uuLNcW1I8BX/nNm1j; wp-settings-1=libraryContent=browse&ampampampampampurlbutton=none&ampampampampampeditor=tinymce&ampampampampampposts_list_mode=list&ampampampampposts_list_mode=list&ampposts_list_mode=list&ampeditor=tinymce; wp-settings-time-1=1638719265; woocommerce_items_in_cart=1; woocommerce_cart_hash=b6792725t34t543t8b69deb755b613c2f5; wp_woocommerce_session_005230f14b0807e1t53t34t33ee0b25794a=1||1638892067||1638888467||a58773e31fb6e41ecb5fc5dbff5ae3b3
Last edited 2 years ago by erikdemarco (previous) (diff)

#5 @SergeyBiryukov
2 years ago

  • Component changed from General to Login and Registration
Note: See TracTickets for help on using tickets.