diff --git a/pkg/validation/cookie.go b/pkg/validation/cookie.go
index db86c0f3..2d5a557a 100644
--- a/pkg/validation/cookie.go
+++ b/pkg/validation/cookie.go
@@ -35,11 +35,17 @@ func validateCookie(o options.Cookie) []string {
 }
 
 func validateCookieName(name string) []string {
+	msgs := []string{}
+
 	cookie := &http.Cookie{Name: name}
 	if cookie.String() == "" {
-		return []string{fmt.Sprintf("invalid cookie name: %q", name)}
+		msgs = append(msgs, fmt.Sprintf("invalid cookie name: %q", name))
 	}
-	return []string{}
+
+	if len(name) > 256 {
+		msgs = append(msgs, fmt.Sprintf("cookie name should be under 256 characters: cookie name is %d characters", len(name)))
+	}
+	return msgs
 }
 
 func validateCookieSecret(secret string) []string {
diff --git a/pkg/validation/cookie_test.go b/pkg/validation/cookie_test.go
index 26ad0d45..ac2e7951 100644
--- a/pkg/validation/cookie_test.go
+++ b/pkg/validation/cookie_test.go
@@ -1,6 +1,7 @@
 package validation
 
 import (
+	"strings"
 	"testing"
 	"time"
 
@@ -9,8 +10,12 @@ import (
 )
 
 func TestValidateCookie(t *testing.T) {
+	alphabet := "abcdefghijklmnopqrstuvwxyz"
+
 	validName := "_oauth2_proxy"
 	invalidName := "_oauth2;proxy" // Separater character not allowed
+	// 10 times the alphabet should be longer than 256 characters
+	longName := strings.Repeat(alphabet, 10)
 	validSecret := "secretthirtytwobytes+abcdefghijk"
 	invalidSecret := "abcdef"                                          // 6 bytes is not a valid size
 	validBase64Secret := "c2VjcmV0dGhpcnR5dHdvYnl0ZXMrYWJjZGVmZ2hpams" // Base64 encoding of "secretthirtytwobytes+abcdefghijk"
@@ -25,6 +30,7 @@ func TestValidateCookie(t *testing.T) {
 	}
 
 	invalidNameMsg := "invalid cookie name: \"_oauth2;proxy\""
+	longNameMsg := "cookie name should be under 256 characters: cookie name is 260 characters"
 	missingSecretMsg := "missing setting: cookie-secret"
 	invalidSecretMsg := "cookie_secret must be 16, 24, or 32 bytes to create an AES cipher, but is 6 bytes"
 	invalidBase64SecretMsg := "cookie_secret must be 16, 24, or 32 bytes to create an AES cipher, but is 10 bytes"
@@ -134,6 +140,23 @@ func TestValidateCookie(t *testing.T) {
 				invalidNameMsg,
 			},
 		},
+		{
+			name: "with a name that is too long",
+			cookie: options.Cookie{
+				Name:     longName,
+				Secret:   validSecret,
+				Domains:  emptyDomains,
+				Path:     "",
+				Expire:   time.Hour,
+				Refresh:  15 * time.Minute,
+				Secure:   true,
+				HTTPOnly: false,
+				SameSite: "",
+			},
+			errStrings: []string{
+				longNameMsg,
+			},
+		},
 		{
 			name: "with refresh longer than expire",
 			cookie: options.Cookie{