The number of characters allowed in a URL depends on the browser version.
The main attribute that affects the size of a cookie is the length of the requested URL. Some of the system-generated URLs for ADF applications are quite long and can cause the cookie to exceed the maximum size.
Another case is when using custom plug-ins. The data that a plug-in adds to the authentication context is persisted in the cookie and can cause the cookie size to grow.
Multiple wrong password attempts can also add more context data to the cookie. Combined with one of the above cases, this can cause the cookie size to grow rapidly.
Solutions
Ensure that your applications do not use URLs that exceed the length that Access Manager and the browser can handle.
The cookie cache mode can be changed from the default COOKIE mode to FORM mode. FORM mode works with long URLs. The only difference in behavior is for programmatic authentication, which requires a proper form submit to pass the OAM_REQ parameter set to the form. Custom credential collection pages need to handle the OAM_REQ parameter that is submitted with the form.
Also, to support long URLs, set the serverRequestCacheType parameter to FORM in oam-config.xml, located at $DOMAIN_HOME/config/fmwconfig/oam-config.xml:
<Setting Name="serverRequestCacheType" Type="xsd:string">FORM</Setting>
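As an added illustration of the custom credential collection page requirement in FORM mode (example code, not from the original page or from Oracle), the sketch below reads OAM_REQ from the incoming form post and returns it as an escaped hidden field in the login form. The submit URL, the username and password field names, and the assumption that OAM_REQ arrives in a form-encoded POST body are not stated on this page and must be adapted to your deployment.

```python
import html
from urllib.parse import parse_qs

# Assumed values, not taken from the page: the credential submit URL and
# the username/password field names depend on your deployment.
SUBMIT_URL = "https://oam.example.com/oam/server/auth_cred_submit"


def extract_oam_req(post_body: str) -> str:
    """Return the OAM_REQ value from a form-encoded POST body."""
    values = parse_qs(post_body, keep_blank_values=True).get("OAM_REQ", [])
    if len(values) != 1 or not values[0]:
        # Without exactly one OAM_REQ the server cannot restore the
        # request context, so fail closed instead of rendering the form.
        raise ValueError("expected exactly one non-empty OAM_REQ parameter")
    return values[0]


def render_login_form(post_body: str, submit_url: str = SUBMIT_URL) -> str:
    """Render the login form, round-tripping OAM_REQ as a hidden field."""
    oam_req = extract_oam_req(post_body)
    # The value arrives from the browser, so treat it as untrusted and
    # attribute-escape it before echoing it into HTML.
    return (
        f'<form method="post" action="{html.escape(submit_url, quote=True)}">\n'
        f'  <input type="hidden" name="OAM_REQ" '
        f'value="{html.escape(oam_req, quote=True)}">\n'
        '  <input type="text" name="username" autocomplete="username">\n'
        '  <input type="password" name="password" '
        'autocomplete="current-password">\n'
        '  <input type="submit" value="Sign in">\n'
        '</form>'
    )


if __name__ == "__main__":
    # Constructed sample body; a real OAM_REQ is a long opaque token.
    sample = "OAM_REQ=VkVSU0lPTl80fmFiYw%3D%3D&locale=en"
    print(render_login_form(sample))
```

Because the request context travels in the form rather than in a cookie, a page that drops or alters OAM_REQ breaks the login flow, and a page that echoes it unescaped exposes a reflected injection point.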