fix(ambient-ui): split custom token into separate cookie to avoid overflow

jsell-rh · claude · jsell-rh · commit 0a099b7aeaa8 · 2026-06-02T15:02:20.000-04:00
The custom connection token was stored in the main iron-session cookie,
which also holds SSO access/refresh tokens. This caused cookie-too-large
errors. Move the custom token to a second iron-session cookie
(ambient-ui-session-ctx) so auth and context don't compete for space.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/components/ambient-ui/src/lib/runtime-config.ts b/components/ambient-ui/src/lib/runtime-config.ts
@@ -1,5 +1,5 @@
 import { env } from './env'
-import { getSession } from './session'
+import { getSession, getContextSession } from './session'
 
 export type RuntimeConfig = {
   apiServerUrl: string
@@ -12,8 +12,9 @@ export async function getRuntimeConfig(): Promise<RuntimeConfig> {
   const defaultUrl = env.API_SERVER_URL
   try {
     const session = await getSession()
+    const ctxSession = await getContextSession()
     const apiServerUrl = session.customApiServerUrl || defaultUrl
-    const customToken = session.customToken ?? null
+    const customToken = ctxSession.customToken ?? null
     return {
       apiServerUrl,
       customToken,
@@ -32,18 +33,22 @@ export async function getRuntimeConfig(): Promise<RuntimeConfig> {
 
 export async function setCustomContext(url?: string, token?: string | null): Promise<void> {
   const session = await getSession()
+  const ctxSession = await getContextSession()
   if (url) session.customApiServerUrl = url
   if (token === null || token === '') {
-    session.customToken = undefined
+    ctxSession.customToken = undefined
   } else if (token) {
-    session.customToken = token
+    ctxSession.customToken = token
   }
   await session.save()
+  await ctxSession.save()
 }
 
 export async function resetContext(): Promise<void> {
   const session = await getSession()
+  const ctxSession = await getContextSession()
   session.customApiServerUrl = undefined
-  session.customToken = undefined
+  ctxSession.customToken = undefined
   await session.save()
+  await ctxSession.save()
 }
diff --git a/components/ambient-ui/src/lib/session.ts b/components/ambient-ui/src/lib/session.ts
@@ -9,6 +9,9 @@ export type SessionData = {
   expiresAt: number
   customApiServerUrl?: string
   customTokenId?: string
+}
+
+export type ContextSessionData = {
   customToken?: string
 }
 
@@ -48,6 +51,14 @@ export async function getSession() {
   return getIronSession<SessionData>(await cookies(), getSessionOptions())
 }
 
+export async function getContextSession() {
+  const opts = getSessionOptions()
+  return getIronSession<ContextSessionData>(await cookies(), {
+    ...opts,
+    cookieName: `${opts.cookieName}-ctx`,
+  })
+}
+
 export async function getAccessToken(): Promise<string | undefined> {
   const session = await getSession()
   if (!session.accessToken) return undefined
