Per domain limits
- Firefox - Both 2.x and 3.x allow 50 cookies per domain
- IE - Until IE6.x they supported only 20 cookies per domain and IE 7 and above this limit has been increased to 50 cookies per domain
- Opera - Opera 9 allows only 30 cookies per domain
- Safari - No limits
Maximum Cookie Limit
- Firefox - Both 2.x and 3.x allow 1000
- IE - Some posts suggested its 300. *
- Opera - 65536
- Safari - No limits
Maximum Cookie Size Limit
- This is almost uniform across the browsers (because they try to adhere to RFC 2109(Section 6.3) and limits to ~4KB = 4096 bytes
If you ever exceed any of these limits, browsers may behave differently. IE and Opera use LRU to decide which cookies to delete. FF seems to be using something different from LRU *.
So if you follow Graded Browser Support methodology for your website, here are the recommendations:
- Keep your cookie count to <=30 per domain. Remember that subdomains can access root domains cookies as well (so xyz.abc.com can access cookies for abc.com domain)
- Cookie size should not be more than 4096 bytes
- Use some of the standard libraries YUI Cookie or Ext.util.Cookies for cookie handling
And never forget that cookies are an overhead for any website. Most of the browsers would append them to each request that is sent from the client side; some of them are smart enough to figure which particular "path" really needs them (this depends on which path the cookie was set for). And there is limit on the header size that a server can handle, for example Apache puts a limit of ~8KB. I don't know about others *.
* - I did my part of research but ended up with no results. If you've any concrete information, please share with links in comments