
I think there's something in this, but I'm not entirely sure of the circumstances which lead to this 400 cookie too large error.


We proxy through CloudFlare here and as you can see I'm still plodding along nicely with these cookies:


[ATTACH=full]253778[/ATTACH]


One of these was artificially doubled in size, the other took a fair amount of clicking.


The behaviour observed when it hits ~4096 bytes and you try to add more to that cookie is that the requests complete successfully without issue, but the cookie remains unmodified. It does lead to a situation where the UI indicates that the item is selected but it actually isn't because the cookie can no longer be increased in size.


This, at least, is the behaviour exhibited by Chrome on macOS. But according to RFC 6265, 4096 bytes is the minimum size that should be supported per cookie, i.e. no user agent should impose a limit below 4096 bytes per cookie.


It might be useful to understand the circumstances which led to this bad request. Are there actually server limits in place? Or a particular config in CloudFlare? Do we know which browser was being used to generate the cookie(s), and what size was it when this triggered?


For now, if we can, I think setting a per-inline mod cookie limit of somewhere between 3KB and 3.5KB is probably reasonable, with a notice displayed once the limit is hit. But it would be good to make sure that's sufficient to prevent this particular case so please let us know :)
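
Added example, not part of the post above and not the forum software's own code: a sketch of the suggested per-cookie budget with a notice, run against a simplified model of the silent-drop behaviour the post describes. The cookie name, the comma-separated id format and the 3584-byte budget are assumptions.

```javascript
// Added example. Cookie name, id-list format and the budget are assumptions.
const BROWSER_LIMIT = 4096; // approximate per-cookie size where the post saw updates stop
const BUDGET = 3584;        // 3.5KB, top of the range suggested in the post

// Bytes of the "name=value" pair as sent, after URL-encoding the value.
function pairBytes(name, ids) {
  const pair = `${name}=${encodeURIComponent(ids.join(","))}`;
  return new TextEncoder().encode(pair).length;
}

// Returns the id list to store and whether to show the "limit reached" notice.
function addSelection(name, ids, id, budget = BUDGET) {
  const key = String(id);
  if (ids.includes(key)) return { ids, added: false, limitHit: false };
  const next = [...ids, key];
  if (pairBytes(name, next) > budget) return { ids, added: false, limitHit: true };
  return { ids: next, added: true, limitHit: false };
}

// Simplified model of the behaviour in the post: a write that would exceed
// the browser limit "succeeds" but leaves the stored cookie unchanged.
class SilentDropJar {
  constructor() { this.store = new Map(); }
  set(name, ids) {
    if (pairBytes(name, ids) <= BROWSER_LIMIT) this.store.set(name, [...ids]);
  }
  get(name) { return this.store.get(name) || []; }
}

// Constructed input: keep selecting 7-digit ids until a write stops sticking.
function fillUntilStuck(guarded) {
  const jar = new SilentDropJar();
  const name = "inlinemod_example"; // hypothetical cookie name
  let noticeShown = false, uiOutOfSync = false;
  for (let id = 1000000; id < 1001000; id++) {
    let ids = jar.get(name);
    if (guarded) {
      const r = addSelection(name, ids, id);
      if (r.limitHit) { noticeShown = true; break; }
      ids = r.ids;
    } else {
      ids = [...ids, String(id)];
    }
    jar.set(name, ids);
    // Read back: if the id is missing, the UI now shows a selection that was never stored.
    if (!jar.get(name).includes(String(id))) { uiOutOfSync = true; break; }
  }
  return { noticeShown, uiOutOfSync, bytes: pairBytes(name, jar.get(name)) };
}
```

Because each comma is sent as `%2C`, the encoded size grows faster than the raw id list, which is why the budget is checked against the encoded pair.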

