Too many cookies OpenIdConnect.nonce cause error page “Bad Request - Request Too Long”

Question

I\'m using OWIN / OAuth with OpenId Connect authentication (Microsoft.Owin.Security.OpenIdConnect) in a C# ASP MVC web app. The SSO login with Microsoft account

Answer 1

OWIN and MVC may be deleting each other's cookies as described by the AspNetKatana github.

• As a workaround that page suggests to explicitly use SystemWebCookieManager or SystemWebChunkingCookieManager (Microsoft.Owin.Host.SystemWeb 3.1.0).
• There is also the Kentor Owin Cookie Saver as a workaround.
• However, I would first try upgrading to Owin 4.1.0 (released november 2019), as this seems to fix it!