
Investigate gigantic `session` cookies

Open denschub opened this issue 4 years ago • 3 comments

In bug 1677333, we had someone constantly getting a 502. Investigation showed that their session cookie is 3356 chars long, and that's... an issue. Headers that long are an issue in our current setup (I talked to Karl about this), but even if we fixed the issue, that's still weird.

Just accessing the site and logging in via GitHub ends up giving me a session cookie with 432 chars, which is still a lot of serialized data. We should audit all the information we dump into the session cookie, because after all there is a limit to how large headers can be, and this could probably be optimized a bit to avoid creating those gigantic cookies.

denschub avatar Nov 17 '20 00:11 denschub

One possible place this could happen is here: https://github.com/webcompat/webcompat.com/blob/master/webcompat/views.py#L147-L154

miketaylr avatar Jan 19 '21 15:01 miketaylr

Temporary issue remedy found for this bug yesterday https://bugzilla.mozilla.org/show_bug.cgi?id=1690262

karlcow avatar Feb 02 '21 23:02 karlcow

Some things I've learned about cookies and browsers, which can make investigating issues like this confusing:

Chrome has a hard limit of 4096 bytes for the entire cookie string. Firefox has a hard limit of 4096 bytes for the name and the value (minus the =), not including attributes -- but path can't be longer than 1025 bytes. Safari mostly follows Firefox, but it supports some Cookie2 attributes like comment or commentURL so in theory it can be much larger (Firefox would just throw those attributes away as garbage).

miketaylr avatar May 05 '21 18:05 miketaylr
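The two things this thread asks for, an audit of what is actually inside the session cookie (denschub's first comment) and a check against the browser limits miketaylr lists above, can be done together. The following is an added example, not webcompat.com code and not taken from views.py. It assumes the app uses Flask's default cookie-based session, whose layout is `[.]base64(zlib(json)).base64(timestamp).base64(hmac)`; the key derivation mirrors the shape of itsdangerous' default but is not promised to match any particular Flask release byte for byte, and the payload can be decoded without the secret because it is only base64 and zlib. The session dicts, the secret and the per-browser limit constants are constructed for the example; the limits are my reading of the comment above as plain character counts.

```python
"""Size-audit for Flask-style signed session cookies (added example, not
webcompat.com code).  Builds a cookie in the layout Flask's default session
interface uses, decodes it back, reports which keys dominate, and applies the
browser limits described in the thread."""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time
import zlib

# Limits as described in the thread (assumption: modelled as plain character counts).
CHROME_MAX_COOKIE_STRING = 4096   # whole "name=value; Attr=...; ..." string
FIREFOX_MAX_NAME_VALUE = 4096     # len(name) + len(value), the "=" not counted
FIREFOX_MAX_PATH = 1025


def _b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _derive_key(secret: bytes, salt: bytes = b"cookie-session") -> bytes:
    # Assumption: same shape as itsdangerous' default "django-concat" derivation,
    # not guaranteed byte-for-byte compatible with a given Flask release.
    return hashlib.sha1(salt + b"signer" + secret).digest()


def encode_session(data: dict, secret: bytes, now: int | None = None) -> str:
    """Serialize as [.]b64(zlib(json)).b64(timestamp).b64(hmac-sha1)."""
    raw = json.dumps(data, separators=(",", ":"), sort_keys=True).encode()
    packed = zlib.compress(raw)
    # The compressed form is only kept when it actually saves bytes; a leading
    # "." marks it.  Incompressible data (random tokens) gets no help here.
    payload = "." + _b64e(packed) if len(packed) < len(raw) - 1 else _b64e(raw)
    ts = now if now is not None else int(time.time())
    ts_bytes = ts.to_bytes((ts.bit_length() + 7) // 8 or 1, "big")
    body = f"{payload}.{_b64e(ts_bytes)}"
    sig = hmac.new(_derive_key(secret), body.encode(), hashlib.sha1).digest()
    return f"{body}.{_b64e(sig)}"


def signature_ok(cookie: str, secret: bytes) -> bool:
    body, sig = cookie.rsplit(".", 1)
    want = hmac.new(_derive_key(secret), body.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(want, _b64d(sig))


def decode_session(cookie: str, secret: bytes | None = None) -> dict:
    """Return the session dict.  Pass `secret` to also verify the signature;
    without it the payload is still readable (it is not encrypted)."""
    if secret is not None and not signature_ok(cookie, secret):
        raise ValueError("bad session signature")
    payload, _ts, _sig = cookie.rsplit(".", 2)
    if payload.startswith("."):
        raw = zlib.decompress(_b64d(payload[1:]))
    else:
        raw = _b64d(payload)
    return json.loads(raw)


def audit_session_cookie(cookie: str, secret: bytes | None = None) -> dict:
    """Total cookie length plus per-key serialized size, largest first."""
    session = decode_session(cookie, secret)
    sizes = {k: len(json.dumps(v, separators=(",", ":"))) for k, v in session.items()}
    return {
        "cookie_chars": len(cookie),
        "keys_by_size": sorted(sizes.items(), key=lambda kv: kv[1], reverse=True),
    }


def check_browser_limits(name: str, value: str, path: str = "/",
                         extra_attrs: tuple[str, ...] = ("HttpOnly", "Secure")) -> dict:
    """Apply the per-browser limits quoted in the thread to one Set-Cookie."""
    cookie_string = "; ".join([f"{name}={value}", f"Path={path}", *extra_attrs])
    return {
        "chrome_ok": len(cookie_string) <= CHROME_MAX_COOKIE_STRING,
        "firefox_ok": (len(name) + len(value) <= FIREFOX_MAX_NAME_VALUE
                       and len(path) <= FIREFOX_MAX_PATH),
    }


# Constructed sample data (not real sessions or secrets).
SECRET = b"constructed-secret-do-not-reuse"
LEAN_SESSION = {"user_id": 12345, "username": "example", "oauth_token": "t" * 40}
# A session that stuffs a whole profile object of incompressible values in:
# the kind of thing that produces cookies in the thousands of characters.
BLOATED_SESSION = dict(
    LEAN_SESSION,
    github_user={f"field{i}": _b64e(hashlib.sha256(str(i).encode()).digest())
                 for i in range(100)},
)

if __name__ == "__main__":
    for label, data in (("lean", LEAN_SESSION), ("bloated", BLOATED_SESSION)):
        cookie = encode_session(data, SECRET)
        report = audit_session_cookie(cookie, SECRET)
        print(label, report["cookie_chars"], "chars;",
              "largest key:", report["keys_by_size"][0],
              check_browser_limits("session", cookie))
```

Run against a cookie captured from the affected user (the payload decodes without the secret), the `keys_by_size` list points straight at the key that needs trimming. The limit check is deliberately conservative: it treats the numbers in the comment above as the cutoff for the whole `Set-Cookie` string in Chrome and for name plus value in Firefox, so a cookie that passes it should not be anywhere near the header limits that caused the 502.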