Maximum Cookie Limits


peterinwa
03-30-2003, 01:03 AM
I have three JS books but totally can't understand the maximum limits for cookies so please excuse another very novice question from me.

I read that there can only be 20 from your server, but don't understand what that means. I use a webhosting service. It's not likely, but what if a user visited 25 websites from the same server at the same webhosting service. Could they only have a cookie from 20? Obviously I don't understand with a question like that!

My concern is because my website now writes 20 cookies on my users' PCs. Is that my limit?

On the other hand, when I look at the cookie files written to my own PC I only see one file containing info for more than one cookie. Is only one file written to contain all the cookies? Up to 20?

All that confused rambling is really one question. My second is how much data can a cookie contain? In another post I read 4kb. Is that equivalent to text of about 4,000 characters?

Perhaps someone can point me to a tutorial on cookies (for slow people).

Thanks! Peter

liorean
03-30-2003, 02:27 AM
Well, there's a few resources out there. RFC2109 (http://www.ietf.org/rfc/rfc2109.txt) is the spec that counts, and the most interesting part is this:

6.3 Implementation Limits

Practical user agent implementations have limits on the number and
size of cookies that they can store. In general, user agents' cookie
support should have no fixed limits. They should strive to store as
many frequently-used cookies as possible. Furthermore, general-use
user agents should provide each of the following minimum capabilities
individually, although not necessarily simultaneously:

* at least 300 cookies

* at least 4096 bytes per cookie (as measured by the size of the
characters that comprise the cookie non-terminal in the syntax
description of the Set-Cookie header)

* at least 20 cookies per unique host or domain name

User agents created for specific purposes or for limited-capacity
devices should provide at least 20 cookies of 4096 bytes, to ensure
that the user can interact with a session-based origin server.

The information in a Set-Cookie response header must be retained in
its entirety. If for some reason there is inadequate space to store
the cookie, it must be discarded, not truncated.

Applications should use as few and as small cookies as possible, and
they should cope gracefully with the loss of a cookie.


The Unofficial Cookie FAQ (http://www.cookiecentral.com/faq/) holds most information you are likely to be interested in.

If it doesn't, try Cookie Central (http://www.cookiecentral.com/).

peterinwa
03-30-2003, 06:39 AM
Does that mean then that in a practical sense and to be safe:

1. I should write no more than 20 cookies.

2. I should not write a cookie over, say, 4,000 characters.

To date, I have only written very small cookies. But I would like to save a few paragraphs of text. So I guess I could:

if (paragraphs.length>4000) {alert("Text is too large to save.")} else {writeCookie(.....

Am I on the right track?

Thanks so much, Peter

liorean
03-30-2003, 12:51 PM
As I understand it, in nn, ie, moz those are the effective rules, not just minimums.

The limit lies not on the server level, but on the domain level. A single server can contain sites on several domains, and (but less usual) a single domain can span several servers. The real limitation here is the part you put between the second and third slash in the url. 20 cookies per each domain, least used cookie gets thrown out first. (Note that this means there's a difference between http://www.example.com/ and http://example.com/, for example.)

A good limitation is to do something like that, yes. I also think 20 cookies from a single site is a tad much - can't you join a few of them together? How about using a compression layer?

As for the 4k rule, yes, that's the limit for one cookie.

peterinwa
03-30-2003, 03:29 PM
I'm sure one of my books said 20 per server, but I probably just misunderstood or misread something. Doesn't matter. I understand what you're saying and appreciate the help.

I just looked at my 20 cookies and had to laugh. I just kept adding them without worrying about keeping the number down... till I got to 20. When I need another I can make some changes.

I have a cookie to store weight in pounds, kilograms, or British stones. I mean one cookie for each! Yet you would never use more than one.

Not only that, but I already have another cookie that says which is being used... coded for another purpose. That's why I was laughing. I could obviously check the latter cookie to see which is being used... then I would only need one cookie instead of three to store the weight.

I don't know what you mean by compression layer, but perhaps you mean storing more than one item in a single cookie. I could use a single cookie to store "lb,180"... lb saying that I'm storing the weight in pounds and 180 being the weight. Then I'd read up to the comma first to get the format and then after the comma to get the weight.

If that's not what you mean or if it's not a good technique please let me know. (I'm not sure which would take longer... reading two cookies as I do now or reading one and breaking out the two pieces of data. The latter obviously involves more coding to be loaded into the user's browser. Difference is probably insignificant.)

Thanks again for your good explanations, Peter

P.S.

On another subject you brought to mind... I have never understood when www. is needed in typing a URL to get to a website. So often you hear it in a URL, but 99.99% of the time I don't need to type it.

I finally GUESSED that, let's say you're on a PC within a university network or a big company. You would have to type the www. in a URL to tell your PC to escape the university or company network and take you out to the World Wide Web.

At home, on the other hand, I don't need to type it because that's the only place my PC would look.

Problem with my GUESS is that on rare occasions... United Airlines and Amtrak and a couple others... I can't find the website without typing the www. which blows my theory. ???

liorean
03-30-2003, 04:18 PM
The www refers to a subdomain inside a domain - often each server gets its own subdomain. It's common practice to use the subdomain for purpose distinction - pop3.example.com would be a pop3 server, www.example.com would be a web server, ftp.example.com would be a file server, smtp.example.com would be an smtp server etc. Often administrators either set up their domain to point to their webserver, so that it doesn't make any difference if you enter example.com or www.example.com. Some even make intelligent redirection, so that an ftp request for example.com points to ftp.example.com while an http request for example.com points to www.example.com. Some don't do this kind of redirection, though.

First of all, you can store multiple values in the same cookie, either comma separated or separated by some other character (you can't allow semicolons or newlines in a cookie, mind). By compression layer, I mean that you can use some code that compresses a string to something shorter than the original. I don't know of any good JavaScript implementation of such a thing right off my head, though.

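Here's an example:
var sOriginal=
"document.body and document.documentElement point to the body and html elements of the document, respectively";
var sCompressed=
"~.#~.~E^ point to¨#html e^s of¨~, respectively|½ment|~docu½|^le½|+ and |¨ the |#body+";

// Everything after the first "|" is a dictionary entry:
// one token character followed by the text it stands for.
function decode(str){
var
a=str.split('|'),
i=a.length-1;
// Expand from the last entry back to the first. split/join treats the
// token as a literal, so "+" and "^" need no regex escaping.
for(;i>0;i--)
a[0]=a[0].split(a[i].charAt(0)).join(a[i].slice(1));
return a[0];
}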
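
An added example, not part of the original posts: packing several values into one cookie as discussed in the thread, with percent-encoding so that semicolons, commas and newlines cannot break the format, and a size check against the 4096-byte figure from the RFC excerpt. The names packCookie, unpackCookie and MAX_COOKIE_BYTES are hypothetical.

```javascript
// Added example; all names here are hypothetical, not from the thread.
const MAX_COOKIE_BYTES = 4096; // per-cookie figure from RFC 2109 section 6.3

// Size of the "name=value" string in bytes, as a browser would count it.
function byteLength(s) {
  return new TextEncoder().encode(s).length;
}

// Build "name=key:value,key:value". encodeURIComponent escapes ";", ",", ":",
// "=", spaces and newlines, so field contents cannot collide with separators.
// Returns null when the result is over the limit: the browser would discard
// such a cookie whole rather than truncate it, so the caller must handle it.
function packCookie(name, fields) {
  const pairs = Object.keys(fields).map(
    (k) => encodeURIComponent(k) + ":" + encodeURIComponent(String(fields[k]))
  );
  const cookie = encodeURIComponent(name) + "=" + pairs.join(",");
  return byteLength(cookie) > MAX_COOKIE_BYTES ? null : cookie;
}

// Read the packed cookie back out of a document.cookie-style string
// ("a=1; b=2"). Returns null if the cookie is absent (evicted or never set)
// or malformed. Values are client-controlled strings: validate before use.
function unpackCookie(cookieString, name) {
  const prefix = encodeURIComponent(name) + "=";
  for (const part of cookieString.split("; ")) {
    if (!part.startsWith(prefix)) continue;
    const out = Object.create(null); // no inherited keys such as __proto__
    const body = part.slice(prefix.length);
    if (body === "") return out;
    for (const pair of body.split(",")) {
      const idx = pair.indexOf(":");
      if (idx < 0) return null;
      try {
        out[decodeURIComponent(pair.slice(0, idx))] =
          decodeURIComponent(pair.slice(idx + 1));
      } catch (e) {
        return null; // bad percent-escape: treat the cookie as lost
      }
    }
    return out;
  }
  return null;
}

// Constructed sample: the weight and its unit share one cookie.
const sample = packCookie("prefs", { unit: "lb", weight: 180 });
console.log(sample, unpackCookie("other=1; " + sample, "prefs"));
```

In a browser the returned string is assigned to document.cookie, with any path or expires attributes appended after it.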