Are there any limitations on the size of the cookie? Also, is this browser dependent?
Explanation: Each cookie can hold only up to 4 KB. In practice, browsers allow many more than 300 cookies total, but the 4 KB size limit may still be enforced by some.
The Size of a Cookie portion of the cookie only. What this means is that if you're writing a cookie and the cookie is less than 4096 bytes, then it will be supported by every browser and user agent that conforms to the RFC. Remember that this is the minimum requirement according to the RFC.
In a modern browser you have better client-side storage alternatives. It is not a good idea to add an overhead of more than 4KB to every HTTP request. You can have a maximum of 50 cookies per domain and a total of 4KB. i.e. you can have 1 cookie of 4096 bytes, or 2 cookies with 2048, and so on.
Cookie Limitations: Most browsers support cookies of up to 4096 bytes. Because of this small limit, cookies are best used to store small amounts of data, or better yet, an identifier such as a user ID.
The "official" maximum size is 4KB, but I would prefer to keep it well under that: no more than a few hundred bytes, tops.
The reason is that cookies are transmitted from the client to the server with every single request, even when requesting images, CSS and JS files (if they reside on the same host, something you should avoid in general, but which for small sites may not be worth the bother). That means that you'll be requiring the client to transmit 4KB for every request, remembering also that most consumer broadband has much slower upload speed than download speed.
Importantly, the official cookie spec, RFC 2965, states the minimums browsers should adhere to:
5.3 Implementation Limits
Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents SHOULD provide each of the following minimum capabilities individually, although not necessarily simultaneously:
- at least 300 cookies
- at least 4096 bytes per cookie (as measured by the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie2 header, and as received in the Set-Cookie2 header)
- at least 20 cookies per unique host or domain name
User agents created for specific purposes or for limited-capacity devices SHOULD provide at least 20 cookies of 4096 bytes, to ensure that the user can interact with a session-based origin server.
The information in a Set-Cookie2 response header MUST be retained in its entirety. If for some reason there is inadequate space to store the cookie, it MUST be discarded, not truncated. Applications should use as few and as small cookies as possible, and they should cope gracefully with the loss of a cookie.
Read more: http://www.faqs.org/rfcs/rfc2965.html#ixzz0rjy5CJQa
From the cookie FAQ:
Microsoft saves cookies into the "Temporary Internet Files" folder, a system folder that you can set the maximum size of (the default is 2% of your hard drive).
In any event, remember that most cookie files are 4KB or smaller, so you would need about a million cookies to fill up a 4GB drive. This is incredibly unlikely.
You'll see the 4KB limit referenced around the internet along with other useful stats.
If I recall correctly, independent of browser. See Can cookies get too big.
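The RFC 2965 minimums quoted above (4096 bytes per cookie, 20 cookies per host, discard rather than truncate), applied as a pre-flight check on outgoing Set-Cookie values. This is an added example, not part of any answer on this page; the function names and the sample cookies are constructed for illustration, and the size is measured over the whole header value as the quoted RFC text describes.

```javascript
// Limits taken from the RFC 2965 section 5.3 text quoted on this page.
const MAX_COOKIE_BYTES = 4096;
const MAX_COOKIES_PER_HOST = 20;

// Count bytes, not UTF-16 code units: the limit is on what goes over the wire.
const byteLength = (s) => new TextEncoder().encode(s).length;

// The NAME=VALUE part is everything before the first ';'.
const pairOf = (raw) => raw.split(';', 1)[0].trim();

// Returns one finding per cookie a conforming browser may refuse to store.
function auditSetCookies(setCookieValues, maxPerHost = MAX_COOKIES_PER_HOST) {
  const names = new Set();
  const findings = [];
  for (const raw of setCookieValues) {
    const pair = pairOf(raw);
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const size = byteLength(raw);
    if (size > MAX_COOKIE_BYTES) {
      // An oversize cookie is discarded whole, never truncated, so the
      // application silently loses it (for a session cookie: a logout).
      findings.push({ name, size, issue: 'oversize' });
      continue;
    }
    names.add(name);
    if (names.size > maxPerHost) {
      findings.push({ name, size, issue: 'over-host-count' });
    }
  }
  return findings;
}

// Bytes the client uploads in the Cookie header on every request to the host.
function requestOverhead(setCookieValues) {
  return byteLength('Cookie: ' + setCookieValues.map(pairOf).join('; '));
}

// Constructed sample input (not from the page).
const SAMPLE = [
  'sid=abc; Path=/; HttpOnly',                   // small identifier: fine
  'prefs=' + 'x'.repeat(5000) + '; Path=/',      // plainly over 4096 bytes
  // 700 characters, but percent-encoding triples each UTF-8 byte: 4205 bytes.
  'nick=' + encodeURIComponent('é'.repeat(700)),
];

console.log(auditSetCookies(SAMPLE));
console.log(requestOverhead(['sid=abc; Path=/; HttpOnly', 'theme=dark']));
```

The third sample cookie is the case that tends to slip through review: the stored value is only 700 characters, but its encoded form exceeds the limit.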