AD and other IdPs can provide long lists of group
membership. This can lead to securecookie too big
as this cannot always be stored inside a HTTP header.
Filesystem session storage removes this limitions at the
cost of not being entirely stateless anymore. It is therefore
required that clients can keep state with the rdpgw
instance.