OIDC valid cookies exceeded issue

[clt16]

I'm running into an issue where users authenticated to our server will eventually get a generic error in browser and not be able to log in to our websites. This only happens in Google Chrome.

The apache logs are reporting this warning before it happens.

oidc_authorization_request_set_cookie: the number of existing, valid state cookies (7) has exceeded the limit (7), no additional authorization request + state cookie can be generated, aborting the request

Followed by this error:
[ssl:error] [pid 2313547:tid 139643320256256] [client 34.207.206.26:56346] AH02042: rejecting client initiated renegotiation

The temporary fix is to have the user clear all history and cookies from the browser and restart it. I've also found that using private browsing does not produce this error.

Any advice on how to correct this? Thanks in advance.

[zandbelt]

see: https://github.com/zmartzone/mod_auth_openidc/wiki/Cookies since it is Chrome only I suspect you need to upgrade the module