What is the number and size of cookies allowed by major browsers?

It varies from browser to browser. The biggest limitation is IE6 which can only accept 20 domain cookies (all other modern browsers [FF3+, IE7/8, Safair 4/5, Chrome] can accept much much more). Once IE6 reaches it's 20 cookie limit, it randomly overwrites an older cookie, which is a major concern since you'll never know which one got removed.

If you like the run some specific tests -- visit this blog post and experiment with the authors test scripts.

http://www.ghacks.net/2008/08/16/browser-cookie-limits/

Hope that helps.

AFAIK the number of cookies you can set is 20 per domain or 300 maximum and each cookie across the board is generally capped at a 4k limit.

The RFC for cookies (section 6.3) has most of the information you want to find.

As far as setting a cookie larger than the recommended size is concerned, I would suggest that some browsers will handle that differently, but taking the lowest-common denominator into consideration (IE6), I'd suggest you consider different forms of data persistence if you have that much data you need to store.

I looked into this today, if you want to support most browsers, then don't exceed 30 cookies per domain, and don't exceed 4095 bytes per domain (i.e. total size of all cookies <= 4095 bytes).

As for what happens when you exceed the limit, that depends on each browser and which limit you exceed. For example, in Chrome 8, when I add cookie 181, 20 cookies get deleted. Also in chrome 8, when I add a cookie with 5000 bytes, it gets truncated down to 4096 bytes. I suspect truncating is the standard way to handle over sized cookies.

To read more about it here is my test page and results.