Consider limiting the cookies we use for nonce and correlationId to the paths that we use them on

[javiercn]

Currently the handle of /, if there are incomplete logins they cause trouble and they stay on the browser cookie cache incrementing the size of each request. We should look into setting their path to the sign-in callback endpoint so that incomplete login flows don't increase the size of requests sent to the server.

[Eilon]

@javiercn any chance you want to send a PR for this? @Tratcher believes the code change is quite simple, but it requires a bit of testing.

[javiercn]

Yeah, I will talk to @Tratcher and look into it next week.