We are running into CookieOverflow errors due to judicious use of flash.now which seemed odd. After some digging I found that the full flash, including discarded values, is being saved into the session between each request, yet the discarded values are immediately case away when reconstituting the values. So why not discard them before marshalling? Seems to work. Saves a lot of cookie bytes, too.
Also revealed a bug where functional controller tests which removed all flash entries weren’t removing the marshalled flash from the session when processing and recycling requests, a difference in behaviour to the actual middleware.
Here’s a pull request: