The value of the state parameter is not removed from the session after successful authentication when a cookie based session storage is used in the application. The state is unset in the implementation but the new session is not committed in the response so the value stays in the session until the end of the validity of the session.
The session size is limited by the cookie size (4096 bytes) and therefore it would be nice to get rid of session values, which are useless.
The value of the state parameter is not removed from the session after successful authentication when a cookie based session storage is used in the application. The state is unset in the implementation but the new session is not committed in the response so the value stays in the session until the end of the validity of the session. The session size is limited by the cookie size (4096 bytes) and therefore it would be nice to get rid of session values, which are useless.