We are encountering HTTP 431 errors for some of our users. The application is running on Azure App Service with a container image. It is a nodejs app (nextjs, nextauth) , running on node v18.
The application is restricted with Azure AD access on our test and acceptance environment, this is where the issues happen. We first experienced this with our developer accounts. All of a sudden we got this 431 error, even when we reverted the image to a previous one which did not have the same issue before.
In AppServiceHTTPLogs we can see the 431 errors appear, the CsBytes field is somewhere between 8000 and 13000 while the --max-http-header-size is 16384 on the application, we know because we did log it in the application. We tried to increase the --max-http-header-size with no succes. We tried by adding an increased value to the start command in package.json.
We even created new accounts with the exact same settings in Azure AD and one of them was working oke, the other one also got the 431 errors. Other things we also tried: clearing cookies, incognito browser, using other devices/browsers.
We are kind of lost as it seems so unpredictable.
How can we know for sure that it is really the header size that is the issue? As it doesn't seem to be bigger than the 16384 bytes.