11

I am learning about cookies, and I wonder about browser support:

  • For each domain/web site, how many cookies may be sent to a browser, and of what size?

  • If multiple cookies are sent and stored, does that affect performance?

Arjan
  • 30,974
  • 14
  • 75
  • 112
user23982
  • 211
  • 1
  • 2
  • 4
  • it's fine where it is; we now have two versions, one for SU (browser exe info) and one for SO (programmery info) http://stackoverflow.com/questions/2093793/what-is-the-maximum-size-of-a-cookie-and-how-many-can-be-stored-in-a-browser-for – Jeff Atwood Jan 19 '10 at 16:57

2 Answers2

11

Different browsers have different size limits on cookies. Some general guidelines:

Most of the documentation I've found (and there isn’t much) suggests that web browsers must support a minimum of:

  • 300 cookies in total
  • 20 cookies per domain
  • 4096 bytes per cookie

It seems as though this minimum requirement is part of the original RFC for cookies – see section 6.3 specifically.

A page that lists the actual in-practice cookie limits for several browsers:

Per Domain Cookie Limit

Here is a test script to test your browser:

  • Firefox 2: 501
  • Firefox 3: 501
  • Internet Explorer 72: 50 (after applying a patch from Microsoft)
  • Opera 9: 30
  • Safari: No Limit(!)

Maximum Cookie Limit:

  • Firefox 2: 10001
  • Firefox 3: 10001
  • Internet Explorer: unknown
  • Opera: unknown

1 can be set between 0 and 65535
2 documented by Microsoft here

Cookies are not saved on a server basis but on a domain basis (a server may host many domains or the opposite a server farm may be serving a single domain).

In general, I would avoid saving lots of information in cookies, as the data gets sent to and from the browser on every request. As you suggest in your question, this can have a effect on performance.

Usually one stores small amounts of data in the cookie, mostly used to identify the user/session so more data can be picked up from a database or another resource local to the web server.

Community
  • 1
Oded
  • 1,136
  • 9
  • 21
  • Cookies are quite unreliable as a state-preserving tool, because browser settings may block cookies from some or all domains. – harrymc Jan 19 '10 at 17:21
  • [Here is a test page](http://myownplayground.atspace.com/cookietest.html) containing many of the latest browser limits. Some have moved on since this was written. – Iain Apr 09 '11 at 21:16
0

Based on my research I recommend you use no more than 50 cookies, and no more than 4093 bytes for all cookies per domain.

The lowest common denominator is:

  • IE 8/9/10/11 have a limit of 50 cookies, 5117 characters per cookie, and 10234 bytes per domain
  • Safari ?? on iPad iOS 5.1 have a limit of 600 cookies, 4093 bytes per cookie, and 4093 bytes per domain

Out of interest, notice that IE has a character limit while most have a byte limit. This means for multi-byte encodings like UTF-8 IE can fit in more data.

You can read more here: http://browsercookielimits.squawky.net/

Iain
  • 113
  • 4