Windows Identity Foundation System.Xml.XmlException: Unexpected end of file

We have a custom STS along our website both running in Windows Azure. The STS is ASP.NET 4.0 and the site is MVC3. In the past few days I've started seeing quite a few of the following exceptions showing up in our diagnostics logs:

System.Xml.XmlException: Unexpected end of file.
   at System.Xml.EncodingStreamWrapper.ProcessBuffer(Byte[] buffer, Int32 offset, Int32 count, Encoding encoding)
   at System.Xml.XmlUTF8TextReader.SetInput(Byte[] buffer, Int32 offset, Int32 count, Encoding encoding, XmlDictionaryReaderQuotas quotas, OnXmlDictionaryReaderClose onClose)
   at System.Xml.XmlDictionaryReader.CreateTextReader(Byte[] buffer, Int32 offset, Int32 count, Encoding encoding, XmlDictionaryReaderQuotas quotas, OnXmlDictionaryReaderClose onClose)
   at System.Xml.XmlDictionaryReader.CreateTextReader(Byte[] buffer, Int32 offset, Int32 cou开发者_运维知识库nt, XmlDictionaryReaderQuotas quotas)
   at Microsoft.IdentityModel.Web.SessionAuthenticationModule.GetKeyId(Byte[] sessionCookie)
   at Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie)
   at Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken)
   at Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously

I don't know if there is any impact to the end user or what problems this may be causing. Would love it if someone could shed some light on this exception and what I might be able to do to prevent it in the future.

When you use Wif, Wif transforms the user information to a Fed cookie so that the user don't need to authenticate again and again. This Fed cookie, session cookie, is for each request interpretted by the Session Authentication Module which sets the User for the HttpContext and Thread.

Since the user information can be substantial, usually this cookie is chunked into smaller pieces.

In your case what is happening is SAM is failing to read the data represented in the cookies.

The error you are seeing might be end result of a browser limiting the number/size of cookies submitted.

The impact to the user is failed authentication or 500 depending on how this error is handled, which I haven't investigated.

I would recommend trying to see how many cookies your site hands out. I have seen in some posts that Opera and Safari can have trouble with these:

http://social.msdn.microsoft.com/Forums/eu/Geneva/thread/dc1e178f-46ab-4567-88b8-1f2541744908