RE: 431 Request Header Fields Too Large error (almost 100 fusionauth.known-device cookies)

@mark-robustelli thanks for the documentation link. I used a version of the "Logout Requirements" example to redirect to an endpoint that removes any fusionauth.known-device.* cookies before redirecting back to the application.

Do you think the Hosted Backend should remove fusionauth.known-device.* cookies when it removes the other tokens, at least in the case where fusionauth.remember-device is false?

Otherwise, it seems certain we will hit the HTTP 431 error whenever an application is accessed on a shared device with ~100 users. Or is the Hosted Backend not something FusionAuth envisions people using in production?

@mark-robustelli deleting the cookie fixes the symptom, but I'm looking to address the root cause. I don't want users to see a 431 error.

While using the hosted login page, I started receiving a 431 HTTP error, indicating my header is too large. When I took a look at the header, I noticed I had almost 100 fusionauth.known-device.* cookies.

The documentation for Hosted Login page Cookies just says more than one of these known device cookies might be set.

Is there a configuration value I overlooked to limit the number of fusionauth.known-device.* cookies? My request only had two cookies not associated with FusionAuth, and both have relatively short values (UUIDs), so I am pretty sure the problem lies with my FusionAuth instance.

I'm using the fusionauth/fusionauth-app:1.49.2 Docker image. Thanks in advance for any help.