Redemption blogged

Browser Cookies Limitations (IE6 , IE7 and others)

Some Browser Cookie gotchas from research and personal testing:
  • IE6 and IE7 Support max 20 cookies per domain.
    • If you set a 21st cookie the oldest cookie is no longer available to the server
  • IE6 has a bug where the max length of all cookies combined can be no more than 4096bytes (the RFC states a browser should support 20 cookies up to 4096 bytes PER cookie).
  • IE stores cookies for a domain and its subdomains separately, so you can store 20 cookies in each of abc.foobar.com, foobar.com and xyz.foobar.com. In such a scenario going to abc.foobar.com you will have access to a total of 40 cookies (20 set for domain foobar.com and 20 for abc.foobar.com)
After the August 2007 IE update:
  • IE7 supports max 50 cookies per domain, but the 4096 limit still exists!
Note that regardless of the above, reports seem to indicate that Opera had a 30 cookie limit (not sure if this is still true).


****Even if a browser supported unlimited cookies, the more cookies you set for your domain the slower a site gets!!!*****

Good Practice:

Set paths for your cookies. IE and other browsers only send cookies to the server if the requested URL matches the path of a cookie. This can potentially save alot of bandwidth and improve performance. For instance if I am setting forum specific cookies I would set the path to /forums/.

web development wwii world war ie6 ie7 cookies

Responses (4)

0 thumbs!
#
tekmosis Jan 6, 09
Nice, so IE6 implemented a 4096 byte total for all cookies and even with IE7 you can still only have 4086 bytes for all cookies even though the RFC says otherwise, another brilliant play on MS' part. What RFC # is that?
0 thumbs!
#
Redemption Jan 6, 09
RFC 2965. I don't think this is an intentional situation with MS. It seems to me by reading some of their bulletins that they are aware of the problem and seem to want to solve it, but there must be some sort of architectural limitation. I'm not sure why IE7 didn't solve this though. (Note: the 4096byte total is PER domain).

Here's the relevant passage from the RFC:

quote
Practical user agent implementations have limits on the number and
size of cookies that they can store. In general, user agents' cookie
support should have no fixed limits. They should strive to store as
many frequently-used cookies as possible. Furthermore, general-use
user agents SHOULD provide each of the following minimum capabilities
individually, although not necessarily simultaneously:

* at least 300 cookies

* at least 4096 bytes per cookie (as measured by the characters
that comprise the cookie non-terminal in the syntax description
of the Set-Cookie2 header, and as received in the Set-Cookie2
header)

* at least 20 cookies per unique host or domain name

User agents created for specific purposes or for limited-capacity
devices SHOULD provide at least 20 cookies of 4096 bytes, to ensure
that the user can interact with a session-based origin server.
0 thumbs!
#
prabhath Aug 11, 10
How you were testing it ? Is it using client side scripting? The limitation in IE might be a bug in client side script (document.cookie) implementation !!
0 thumbs!
#
Redemption Aug 13, 10
If I recall correctly I was testing using PHP's setcookie() function (server side function that sends cookies in HTTP headers). I used Firefox as a control and it had no trouble with cookies as far as I tested, at least not the limitations I found in IE6/IE7
(0.0369/d/www3)