Hi Scott, firstly thanks for this awesome post on Legacy ASP.NET & PKCE!
In that article you mention:
// remember code verifier in cookie (adapted from OWIN nonce cookie)

I'm curious why the cookie's key is somewhat stateful/dynamic?
The problem I'm seeing is when the user refreshes, it creates new nonce & cv cookies, leaving the old ones orphaned. This could eventually cause the request header to grow too big.
Do you see any issue with changing this cookie key to something constant like OpenIdConnect.cv.foo?