Open
Description
Checklist
- The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the API documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Description
- v4 sdk creates a new additional transactional cookie each time the unauthenticated user navigates to the app
- v4 logout does not remove said cookies
v3 does not create infinite cookies and does remove cookies on logout.
This eventually leads to a situation where the header of the request is too large.
Reproduction
- Be unauthenticated in your application (remove all cookies on that domain if you want)
- Navigate to a route in your application (receive a cookie)
- Navigate to another route in your application (receive another cookie)
- Repeat as many times as you wish
- Navigate to
/auth/logout(receive another cookie, and cookies are not removed)
infinite.cookies.mp4
Additional context
N/A
nextjs-auth0 version
4.0
Next.js version
15.1.6
Node.js version
20.x