Opening the Chrome console on one of our web apps I noticed this: A huge amount of anti-forgery cookies with similar names, all valid for the same domain. These will be sent over the wire for every single request to that domain, as seen