diff --git a/lib/challenge/data.go b/lib/challenge/data.go
index a10051a..5898456 100644
--- a/lib/challenge/data.go
+++ b/lib/challenge/data.go
@@ -396,7 +396,7 @@ type TokenChallenge struct {
 	IssuedAt  jwt.NumericDate `json:"iat,omitempty"`
 }
 
-func (d *RequestData) verifyChallengeState() (TokenChallengeMap, error) {
+func (d *RequestData) verifyChallengeStateCookie(cookie *http.Cookie) (TokenChallengeMap, error) {
 	cookie, err := d.r.Cookie(d.cookieName)
 	if err != nil {
 		return nil, err
@@ -432,6 +432,16 @@ func (d *RequestData) verifyChallengeState() (TokenChallengeMap, error) {
 	return i.State, nil
 }
 
+func (d *RequestData) verifyChallengeState() (state TokenChallengeMap, err error) {
+	for _, cookie := range d.r.CookiesNamed(d.cookieName) {
+		state, err = d.verifyChallengeStateCookie(cookie)
+		if err == nil {
+			return state, nil
+		}
+	}
+	return state, err
+}
+
 func (d *RequestData) issueChallengeState(until time.Time) (string, error) {
 	signer, err := jose.NewSigner(jose.SigningKey{
 		Algorithm: jose.EdDSA,