Transaction cookie not cleaned after usage leads to 413 or Lambda size limit #2209

@guillaume-barry-salomon

Description

I reopen an issue, because subject of #1917

I'm using version 4.6.0 of auth0/nextjs-auth0 and Next 15.3.0, and I still have a side effect where _txn cookies keep growing in certain circumstances.

Logout works well to clean them.
But if you never log out (as a regular user does), your number of cookies grows and ends up reaching the limit of the infrastructure.
I'm using a Lambda deployment, so the limit is 6Mb and the _txn cookie size is around 400 bytes... so after some time (with additional cookies in the loop), the user reaches the limit and is blocked with "Request must be smaller than 6291456 bytes for the InvokeFunction operation"

Cleaning the _txn cookies solves the issue.

We successfully implemented the workaround proposed in middleware to clean the transaction cookie on any path except /auth (#1917 (comment)).

But it would be great to have a built-in fix in the library: cleaning the transaction cookie after use.

Reproduction

There is no clear, simple scenario to reproduce.
Navigate in the application, probably using multiple tabs, and never log out.

It can be reproduced by manually adding _txn cookies directly in developer tools.

Additional context

No response

nextjs-auth0 version

4.6.0

Next.js version

15.3.0

Node.js version

20.18.1
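
The workaround described in the issue (clearing transaction cookies in middleware on every path except /auth), sketched as an added example that is not part of the original issue or of nextjs-auth0. The cookie prefix `__txn_`, the `Path=/` attribute, the `/auth` route prefix and all function names are assumptions.

```javascript
// Added example, not nextjs-auth0 code. Assumptions: transaction cookies share
// the name prefix "__txn_", were set with Path=/, and login routes live under /auth.
const TXN_PREFIX = "__txn_";
const AUTH_PATH = "/auth";

// Return the cookie names present in a raw Cookie request header.
function cookieNames(cookieHeader) {
  return (cookieHeader || "")
    .split(";")
    .map((pair) => pair.trim())
    .filter((pair) => pair.includes("="))
    .map((pair) => pair.slice(0, pair.indexOf("=")));
}

// Decide which transaction cookies to drop for this request.
// Requests on the auth routes are skipped so an in-flight login keeps its cookie.
function txnCookiesToClear(cookieHeader, pathname, prefix = TXN_PREFIX) {
  const onAuthRoute =
    pathname === AUTH_PATH || pathname.startsWith(AUTH_PATH + "/");
  if (onAuthRoute) return [];
  return cookieNames(cookieHeader).filter((name) => name.startsWith(prefix));
}

// Build the Set-Cookie values that expire the given cookies in the browser.
function expiryHeaders(names) {
  return names.map(
    (name) => `${name}=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`
  );
}

// Constructed sample header: one session cookie, two leftover transaction cookies.
const SAMPLE_COOKIE_HEADER =
  "appSession=abc; __txn_s1=aaa; theme=dark; __txn_s2=bbb";

// A middleware would append these values to the response as Set-Cookie headers.
const sampleHeaders = expiryHeaders(
  txnCookiesToClear(SAMPLE_COOKIE_HEADER, "/dashboard")
);
```

A browser only drops a cookie when the expiring Set-Cookie matches the Path and Domain it was set with, so adjust those attributes to your configuration. Clearing on every non-/auth request also removes the cookie of a login still in progress in another tab.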
