Reputation: 10420
As far as Google searches tell me, the maximum allowed number of cookies depends very much on the browser; however, I cannot find any recent data as to how many cookies are allowed on modern browsers.
I need to store a somewhat large number of user preferences in cookies (for not-yet-registered users), so what would be the best way of doing that? (Also, those cookies would be accessed both via JavaScript client-side and PHP server-side.)
Upvotes: 15
Views: 20081
Reputation: 11254
I looked into this today. If you want to support most browsers, then don't exceed 50 cookies per domain, and don't exceed 4095 bytes per domain (i.e. total size of all cookies <= 4095 bytes).
To read more about it, here is the test page and results.
Upvotes: 4
Reputation: 11285
Not sure how much sense it makes from their point of view, but I've seen websites in the wild that were setting over 450 cookies and reporting to over 140 distinct third-party domains.
Upvotes: 0
Reputation: 3525
Number of Cookies:
Cookie size Limits (4096 bytes):
SRC: http://webdesign.about.com/od/cookies/f/cookies-per-domain-limit.htm and http://www.nczonline.net/blog/2008/05/17/browser-cookie-restrictions/
Upvotes: 6
Reputation: 3658
From the RFC:
at least 300 cookies
at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
at least 20 cookies per unique host or domain name
Those are minimum requirements. The IE6 team didn't get that. Everything else is highly browser-specific. You'd better write a test-platform to test each browser. Test the maximum size and number with little incremental steps (and check if they still are readable).
Also, I seem to remember Apache has a problem with huge numbers of cookies. Can't remember where I've seen that though.
Here is a little cookie-testing script: http://krijnhoetmer.nl/stuff/javascript/maximum-cookies/
Upvotes: 24
Reputation: 1478
IIRC, it's 20 for the majority general, more for some, and 10 for one particular browser (again IIRC, IE5.5?). Up to 10 is considered a safe number.
You don't really need more than one anyway - just use one to store an ID client-side and store everything you need stored server-side against that same ID. Apart from anything else, the less data you leave the client, the less there is for them to remove/corrupt/hack/etc.
Upvotes: 2
Reputation: 321756
The best way would be to not store them in a cookie at all.
Store them in a database, and store the DB key in the cookie. If it's just a few preferences then security isn't much of an issue.
Don't forget that cookies will be sent with every request - if you have 2kb of cookie data and load 10 images on a page, that's an extra 22kb of data.
Upvotes: 16
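For preferences that do stay client-side, the sketch below packs them into a single cookie, validates them on read (the value is client-controlled, as one answer notes), and checks the jar against the 50-cookie / 4095-byte budget and the per-request cost mentioned in the answers. It is an added example, not code from any of the posters; `SCHEMA`, the preference names and all function names are hypothetical.

```javascript
// Added example. Limits are the conservative figures quoted in the answers
// above (50 cookies and 4095 bytes in total per domain), not a browser API.
const LIMITS = { maxCookies: 50, maxTotalBytes: 4095 };

// Hypothetical preference schema: the only keys and values accepted on read.
const SCHEMA = {
  theme: v => ['light', 'dark'].includes(v),
  lang: v => typeof v === 'string' && /^[a-z]{2}$/.test(v),
  pageSize: v => Number.isInteger(v) && v >= 10 && v <= 100,
};

const byteLength = s => new TextEncoder().encode(s).length;
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Pack all preferences into ONE cookie value instead of one cookie per setting.
function encodePrefs(prefs) {
  return encodeURIComponent(JSON.stringify(prefs));
}

// Cookie values are client-controlled: parse defensively, keep only allowlisted
// keys whose values pass validation, and fall back to {} on any corruption.
function decodePrefs(value) {
  let raw;
  try { raw = JSON.parse(decodeURIComponent(value)); } catch { return {}; }
  if (raw === null || typeof raw !== 'object' || Array.isArray(raw)) return {};
  const clean = {};
  for (const key of Object.keys(SCHEMA)) {
    if (hasOwn(raw, key) && SCHEMA[key](raw[key])) clean[key] = raw[key];
  }
  return clean;
}

// Check a { name: value } cookie jar against the budget; sizes count "name=value".
function checkBudget(jar, limits = LIMITS) {
  const names = Object.keys(jar);
  const totalBytes = names.reduce((n, k) => n + byteLength(`${k}=${jar[k]}`), 0);
  const problems = [];
  if (names.length > limits.maxCookies) problems.push('too many cookies');
  if (totalBytes > limits.maxTotalBytes) problems.push('total size over budget');
  return { count: names.length, totalBytes, problems };
}

// Cookies ride on every request to the domain: the page itself plus each asset.
function requestOverhead(totalBytes, assetRequests) {
  return totalBytes * (1 + assetRequests);
}
```

The same `decodePrefs` logic would need to be mirrored in the PHP side, since both ends read the cookie.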