diff --git a/pkg/cookies/csrf.go b/pkg/cookies/csrf.go
index 1e3f913e80..6f31bc5938 100644
--- a/pkg/cookies/csrf.go
+++ b/pkg/cookies/csrf.go
@@ -48,6 +48,7 @@ type csrf struct {
 cookieOpts *options.Cookie
 time clock.Clock
+ creationTime time.Time
 }
 // csrtStateTrim will indicate the length of the state trimmed for the name of the csrf cookie
@@ -70,6 +71,7 @@ func NewCSRF(opts *options.Cookie, codeVerifier string) (CSRF, error) {
 CodeVerifier: codeVerifier,
 cookieOpts: opts,
+ creationTime: time.Now(),
 }, nil
 }
@@ -176,7 +178,7 @@ func ClearExtraCsrfCookies(opts *options.Cookie, rw http.ResponseWriter, req *ht
 }
 sort.Slice(decodedCookies, func(i, j int) bool {
- return decodedCookies[i].time.Before(decodedCookies[j].time)
+ return decodedCookies[i].creationTime.Before(decodedCookies[j].creationTime)
 })
 numberToDelete := len(decodedCookies) - opts.CSRFPerRequestLimit
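Review bot: `creationTime` is assigned only in `NewCSRF` in this patch, so the csrf values that `ClearExtraCsrfCookies` rebuilds from request cookies will carry the zero `time.Time` unless the decode path (not visible in this diff) fills it in. With every value equal, the comparator `decodedCookies[i].creationTime.Before(...)` in the third hunk always returns false and `sort.Slice` is not stable, so once `CSRFPerRequestLimit` is exceeded the cookies removed are arbitrary rather than the oldest, which can drop the cookie of a login that is still in flight. Populate the field where the cookie is decoded, from a timestamp that is integrity-protected together with the cookie rather than a client-controllable value. The field also deserves a comment on the struct, e.g. `// creationTime is when this CSRF cookie was issued; ClearExtraCsrfCookies evicts the oldest first.`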
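Review bot: `creationTime: time.Now()` in `NewCSRF` reads the wall clock directly even though the struct already has an injectable `time clock.Clock` field, so tests cannot pin the value that later decides eviction order. Taking the timestamp from that clock once the struct is built, presumably something like `c.creationTime = c.time.Now()`, would keep a single time source for the type. The body of `NewCSRF` begins outside this hunk, so the way the value is constructed and returned may need a small adjustment to do this.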