Comments on: Browser cookie restriction research http://ajaxian.com/archives/browser-cookie-restriction-research Cleaning up the web with Ajax Thu, 17 May 2012 07:43:39 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: briandunnington http://ajaxian.com/archives/browser-cookie-restriction-research/comment-page-1#comment-265664 briandunnington Fri, 04 Jul 2008 19:57:36 +0000 http://ajaxian.com/archives/browser-cookie-restriction-research#comment-265664 although opera will accept up to 30 cookies, and the max size is 4096, there is also a total-size-for-all-cookies-per-domain limit of 5000 bytes. so if you use a really large cookie, you may only be able to store one cookie: http://my.opera.com/gorme/blog/show.dml/13293 you can also use this online test tool to test your cookie limits: http://krijnhoetmer.nl/stuff/javascript/maximum-cookies/ if you use very large values for the cookie value, you can see that opera starts to discard many more cookies. although opera will accept up to 30 cookies, and the max size is 4096, there is also a total-size-for-all-cookies-per-domain limit of 5000 bytes. so if you use a really large cookie, you may only be able to store one cookie:
http://my.opera.com/gorme/blog/show.dml/13293

you can also use this online test tool to test your cookie limits:
http://krijnhoetmer.nl/stuff/javascript/maximum-cookies/

if you use very large values for the cookie value, you can see that opera starts to discard many more cookies.

]]> By: Joeri http://ajaxian.com/archives/browser-cookie-restriction-research/comment-page-1#comment-263985 Joeri Wed, 21 May 2008 11:20:35 +0000 http://ajaxian.com/archives/browser-cookie-restriction-research#comment-263985 For anyone interested, this is the knowledge base article for the IE bump from 20 to 50 cookies per domain: http://support.microsoft.com/kb/941495 For anyone interested, this is the knowledge base article for the IE bump from 20 to 50 cookies per domain:
http://support.microsoft.com/kb/941495

]]> By: jclawson http://ajaxian.com/archives/browser-cookie-restriction-research/comment-page-1#comment-263976 jclawson Tue, 20 May 2008 18:22:07 +0000 http://ajaxian.com/archives/browser-cookie-restriction-research#comment-263976 Ok, more specifically... Even though you can store 4095 characters in a cookie, Apache, by default only accepts a header with a length of 8190. This includes the cookie names, equals sign, value, and all headers sent in the request (including the GET parameters). We were running into this issue using ExtJS and the default cookie state provider. You can read more about this here: http://www.jasonclawson.com/2008/05/20/ext-21-state-managment-issues-dont-use-it/ Ok, more specifically… Even though you can store 4095 characters in a cookie, Apache, by default only accepts a header with a length of 8190. This includes the cookie names, equals sign, value, and all headers sent in the request (including the GET parameters).

We were running into this issue using ExtJS and the default cookie state provider. You can read more about this here: http://www.jasonclawson.com/2008/05/20/ext-21-state-managment-issues-dont-use-it/

]]> By: Nosredna http://ajaxian.com/archives/browser-cookie-restriction-research/comment-page-1#comment-263975 Nosredna Tue, 20 May 2008 17:58:16 +0000 http://ajaxian.com/archives/browser-cookie-restriction-research#comment-263975 >>Interesting research but i’ve never understood why anyone would set more than 2 cookies for a user and why you would need 4095 characters is beyond me. Well, I have a case in a personal financial application where I do a lot of statistics. If I save the results into a cookie, the user bypasses anywhere from 10 seconds to 2 minutes of processing. The resultant data is a few kilobytes. If the cookie is cleared, no problem, but the user has to sit through the processing again. >>Interesting research but i’ve never understood why anyone would set more than 2 cookies for a user and why you would need 4095 characters is beyond me.

Well, I have a case in a personal financial application where I do a lot of statistics. If I save the results into a cookie, the user bypasses anywhere from 10 seconds to 2 minutes of processing. The resultant data is a few kilobytes. If the cookie is cleared, no problem, but the user has to sit through the processing again.

]]> By: mojave http://ajaxian.com/archives/browser-cookie-restriction-research/comment-page-1#comment-263973 mojave Tue, 20 May 2008 17:19:20 +0000 http://ajaxian.com/archives/browser-cookie-restriction-research#comment-263973 Interesting research but i've never understood why anyone would set more than 2 cookies for a user and why you would need 4095 characters is beyond me. I realize Rails has done this insanely stupid thing where it stores session data in cookies, but that's about as intelligent as using lighttpd and fastcgi. "Let's send data to the sever just to store it back in the client oh and while we're at it we'll send it with every freaking request." Thanks I'll stick to storing state in memcache or a hash table. Interesting research but i’ve never understood why anyone would set more than 2 cookies for a user and why you would need 4095 characters is beyond me. I realize Rails has done this insanely stupid thing where it stores session data in cookies, but that’s about as intelligent as using lighttpd and fastcgi. “Let’s send data to the sever just to store it back in the client oh and while we’re at it we’ll send it with every freaking request.” Thanks I’ll stick to storing state in memcache or a hash table.

]]> By: jclawson http://ajaxian.com/archives/browser-cookie-restriction-research/comment-page-1#comment-263969 jclawson Tue, 20 May 2008 16:49:55 +0000 http://ajaxian.com/archives/browser-cookie-restriction-research#comment-263969 I recently encountered a problem where firefox would fail to make the page request if there were a large number of cookies and the GET request was beyond a certain length. Clearing the cookies fixed the issue. I will create a demo and post it on my blog later. I recently encountered a problem where firefox would fail to make the page request if there were a large number of cookies and the GET request was beyond a certain length. Clearing the cookies fixed the issue. I will create a demo and post it on my blog later.

]]> By: MaratDenenberg http://ajaxian.com/archives/browser-cookie-restriction-research/comment-page-1#comment-263967 MaratDenenberg Tue, 20 May 2008 16:42:33 +0000 http://ajaxian.com/archives/browser-cookie-restriction-research#comment-263967 You can get around the cookie limit by serializing your data, for instance in JSON format. Just be mindful of the character limit. You can write a small class to automate everything, like a cookie manager, that will make sure you don't go over the limit. You can get around the cookie limit by serializing your data, for instance in JSON format. Just be mindful of the character limit. You can write a small class to automate everything, like a cookie manager, that will make sure you don’t go over the limit.

]]> By: ilazarte http://ajaxian.com/archives/browser-cookie-restriction-research/comment-page-1#comment-263966 ilazarte Tue, 20 May 2008 16:34:58 +0000 http://ajaxian.com/archives/browser-cookie-restriction-research#comment-263966 He also could've checked wikipedia to read the same thing :) He also could’ve checked wikipedia to read the same thing :)

]]> By: Nosredna http://ajaxian.com/archives/browser-cookie-restriction-research/comment-page-1#comment-263961 Nosredna Tue, 20 May 2008 14:45:26 +0000 http://ajaxian.com/archives/browser-cookie-restriction-research#comment-263961 This can be tricky stuff when you consider dependencies. I especially don't like what Firefox appears to be doing. I'd like to know why they aren't using LRU. If you can't manage to store a bunch of grouped data in a cookie and have to split it up into different cookies, you have to make sure that all the data is still extant before launch into code that assumes all the data is there. This can bite you if you aren't thinking clearly about it every time you use cookies. It's as if a random chunk of your variable space can disappear at any time. Setting up unit tests and QA for this stuff is tricky. If you can keep all your cookie data in one 4000 character chunk, great. If you can't, it seems to me you really want to be careful not to pass 20 cookies, just in case you run into an old browser. (Anyone know more about when IE switched from 20 to 50?) This can be tricky stuff when you consider dependencies. I especially don’t like what Firefox appears to be doing. I’d like to know why they aren’t using LRU.

If you can’t manage to store a bunch of grouped data in a cookie and have to split it up into different cookies, you have to make sure that all the data is still extant before launch into code that assumes all the data is there. This can bite you if you aren’t thinking clearly about it every time you use cookies.

It’s as if a random chunk of your variable space can disappear at any time. Setting up unit tests and QA for this stuff is tricky.

If you can keep all your cookie data in one 4000 character chunk, great. If you can’t, it seems to me you really want to be careful not to pass 20 cookies, just in case you run into an old browser. (Anyone know more about when IE switched from 20 to 50?)

]]>