Checklist

• The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
• I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

• v4 sdk creates a new additional transactional cookie each time the unauthenticated user navigates to the app
• v4 logout does not remove said cookies

v3 does not create infinite cookies and does remove cookies on logout.

This eventually leads to a situation where the header of the request is too large.

Reproduction

1. Be unauthenticated in your application (remove all cookies on that domain if you want)
2. Navigate to a route in your application (receive a cookie)
3. Navigate to another route in your application (receive another cookie)
4. Repeat as many times as you wish
5. Navigate to /auth/logout (receive another cookie, and cookies are not removed)

Additional context

N/A

nextjs-auth0 version

4.0

Next.js version

15.1.6

Node.js version

20.x