Jun 28, 2011 07:59 PM|dean_goddard|LINK
We had a similar issue where we needed to run a site cookieless to sit inside our clients I-Framed website. When users with longish email addresses attempted to login there hit the dreaded BAD REQUEST error.
The issue is because the cookie being passed in the URL resides in one URL segment - that is the characters between two forward slashes. And that default length is 260 characters. Our url cookie segments were hitting 370 characters.
Setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxLength DWORD (512)
greater than the default to say 512 (max 32768) will overcome any Bad Request errors.
See http://support.microsoft.com/kb/820129 for more info, but don't be fooled by the date - this still applies now.
What is interesting is this still applies to June 2011 tech - namely IIS 7.5, Windows Server 2008 and ASP.NET 4.0. Searching for this fix implies a 3 year old issue which is 30 IT years.