- 3 minutes to read
What is a Cookie?
A cookie is a text file stored in the computer’s browser, which allows you to store and retrieve information on the client side. A web page instructs the browser to store information upon an initial visit, and when the user returns to the website the cookie is added to the HTTP header. Server side programs read this information to identify a user, and in some cases display customized content for that user.
A cookie contains the following data.
- A name-value pair containing the actual data.
- An expiry date after which it is no longer valid.
- The domain and path of the serverto which it should be sent.
Note that according to the same origin policy, cookies can only be accessed by pages originating from the same site. For example, the domain, application layer protocol, and port number (for most browsers) must match.
Cookie Limitation Standard
Practical web browsers have limits on the number and size of cookies that they can store. According to the IETF cookie specification, web browsers should provide the following minimum requirements:
- at least 300 cookies;
- at least 4096 bytes per cookie;
- at least 20 cookies per unique host or domain name.
The cookie specification recommends that applications use as few cookies as possible and as small a cookie as possible. Additionally, applications should be able to handle the loss of a cookie.
Refer to the RFC 2965 - Section 4.1.1 Syntax document to learn about allowed characters in cookies.
Actual cookie limitations vary from browser to browser. Each browser is limited by a per-domain cookie count and overall cookie size limit.
The table below illustrates these limitations based on the browser.
|Browser||Cookie count limit per domain||Total size of cookies|
The following issues arise if cookies exceed the browser limit.
- Any cookie that is set with a size greater than the limit is ignored (and not set).
- The oldest cookie is removed once the limit has been reached in order to store the new cookie.
- If the computer does not have sufficient space to store a cookie, it is discarded. The cookie is not truncated.
To support most browsers, cookies should not exceed 50 per domain, and total cookie size (across all cookies) should be less than or equal to 4093 bytes.