Maximum number of cookies allowed

From the rfc:

  • at least 300 cookies

  • at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)

  • at least 20 cookies per unique host or domain name

Those are minimum requirements. The IE6 team didn't get that. Everything else is highly browser-specific. You'd better write a test-platform to test each browser. Test the maximum size and number with little incremental steps (and check if they still are readable).

Also, I seem to remember apache has a problem with huges numbers of cookies. Can't remember where i've seen that though.

Here is a little cookie-testing script: http://krijnhoetmer.nl/stuff/javascript/maximum-cookies/


I looked into this today, if you want to support most browsers, then don't exceed 50 cookies per domain, and don't exceed 4095 bytes per domain (i.e. total size of all cookies <= 4095 bytes)

To read more about it, here is the test page and results.


The best way would be to not store them in a cookie at all.

Store them in a database, and store the DB key in the cookie. If it's just a few preferences then security isn't much of an issue.

Don't forget that cookies will be sent with every request - if you have 2kb of cookie data and load 10 images on a page, that's an extra 22kb of data.


Number of Cookies:

  • Chrome 9 allowed 180 cookies per domain
  • Firefox 3.6.3 allowed 50 cookies per domain
  • Internet Explorer 8 allowed 50 cookies per domain
  • Opera 10 and 9 allowed 30 cookies per domain

Cookie size Limits (4096 bytes):

  • Firefox and Safari allow cookies with up to 4097 characters, that’s 4096 for the name and value and one for the equals sign.
  • Opera allows cookies with up to 4096 characters, which is for the name, value, and equals sign.
  • Internet Explorer allows cookies with up to 4095 characters, which is for the name, value and, equals sign.

SRC: http://webdesign.about.com/od/cookies/f/cookies-per-domain-limit.htm and http://www.nczonline.net/blog/2008/05/17/browser-cookie-restrictions/

Tags:

Javascript

Php

Cookies

Recent Posts