September 24, 2009

Browser's limitation on cookie

Interestingly, now most of them have come to a standard value on their limits. If you've ever worked on client side (i.e. javascript coding), you would really appreciate this and understand why its worth mentioning here. Here are the details:

Per domain limits

  1. Firefox - Both 2.x and 3.x allow 50 cookies per domain
  2. IE - Until IE6.x they supported only 20 cookies per domain and IE 7 and above this limit has been increased to 50 cookies per domain
  3. Opera - Opera 9 allows only 30 cookies per domain
  4. Safari - No limits

Maximum Cookie Limit

  1. Firefox - Both 2.x and 3.x allow 1000
  2. IE - Some posts suggested its 300. *
  3. Opera - 65536
  4. Safari - No limits


Maximum Cookie Size Limit

  1. This is almost uniform across the browsers (because they try to adhere to RFC 2109(Section 6.3) and limits to ~4KB = 4096 bytes

If you ever exceed any of these limits, browsers may behave differently. IE and Opera use LRU to decide which cookies to delete. FF seems to be using something different from LRU *.

So if you follow Graded Browser Support methodology for your website, here are the recommendations:
  1. Keep your cookie count to <=30 per domain. Remember that subdomains can access root domains cookies as well (so xyz.abc.com can access cookies for abc.com domain)
  2. Cookie size should not be more than 4096 bytes
  3. Use some of the standard libraries YUI Cookie or Ext.util.Cookies for cookie handling

And never forget that cookies are an overhead for any website. Most of the browsers would append them to each request that is sent from the client side; some of them are smart enough to figure which particular "path" really needs them (this depends on which path the cookie was set for). And there is limit on the header size that a server can handle, for example Apache puts a limit of ~8KB. I don't know about others *.

* - I did my part of research but ended up with no results. If you've any concrete information, please share with links in comments

1 comment:

tholme said...

Safari does not have a size limit on cookies (its atleast a lot bigger than 4096). The RFC 2109 also states that the minimal cookie size limit is 4096 bytes, but there are no restriction on maximum size.