View Full Version : Clarification on cookies

Mr J
01-07-2004, 01:41 AM
I just need to check some info here.

Am I right in assuming that you can saved up to 20 cookies, 4KB each, in one cookie document

01-07-2004, 02:23 AM
Well, not entirely. First of all, those are guidelines (for minimum limits), not even recommendations and certainly not standards. Iew and nn, now also moz, use them dogmatically as absolute limits, however. Second, there is no defined priority order for the other limit, the one about total amount of cookies from all domains. Whether a browser uses that limit to simply not let any more cookies to be written, or whether they throw out the oldest one for that domain, or even maybe the oldest one of them all, or the oldest one from the domain that you have visisted longest ago, is as I understand it undefined and may be either way. It may even decide to clean out all previous cookies when you break that limit. The Netscape cookie spec gives more detail about how they chose to do it.

But, you are correct for those two browsers, and I doubt other browsers are going to be more restrictive in this perspective.

01-07-2004, 03:14 AM
Not 4KB each - 4KB in total, split among up to 20 cookies.

01-07-2004, 12:00 PM
Not according to the Netscape cookie spec.

From <http://wp.netscape.com/newsref/std/cookie_spec.html>:
There are limitations on the number of cookies that a client can store at any one time. This is a specification of the minimum number of cookies that a client should be prepared to receive and store.

* 300 total cookies
* 4 kilobytes per cookie, where the name and the OPAQUE_STRING combine to form the 4 kilobyte limit.
* 20 cookies per server or domain. (note that completely specified hosts and domains are treated as separate entities and have a 20 cookie limitation for each, not combined)

Servers should not expect clients to be able to exceed these limits. When the 300 cookie limit or the 20 cookie per server limit is exceeded, clients should delete the least recently used cookie. When a cookie larger than 4 kilobytes is encountered the cookie should be trimmed to fit, but the name should remain intact as long as it is less than 4 kilobytes.Note that this spec is not a recommendation, nor is it a standard.