Saturday, August 8, 2009

Real world cookie length limits

Daniel Stenberg recently posted some interesting test code and browser results to describing the maximum amount of data that can be stored in a cookie:


... I just went ahead and wrote a CGI script that redirects to itself and grows a
cookie and stores its length in a URL field like "cookie.cgi?len=200" until
the length in the URL and the actual cookie length no longer matches.

Here's a few results from various browsers:

Firefox 3.0.12: 4000
Firefox 3.5: 4000
curl 7.19.5: 4999
IE 8: 5000
Opera 10.00 beta: 4000
Android 1.5 browser: 4000
Chrome 4000
Wget 1.11.4: 7000[*]
mobile safari (iphone): 8000
lynx 2.8.7dev.9: 4000

I think we can safely say that most browsers support at least 4000 characters
cookie contents.

[*] = this reports "500 Internal Server Error" on 8000, which I don't
understand why but haven't bothered much more about.

The test is live here: Feel free to
use it if you want to try out other browsers, without torturing it of course!

And the perl script that runs it looks like this:

require "";

$len = CGI::param('len');
$c = CGI::cookie('data');

print "Content-Type: text/html\n";

if($len == length($c)) {
$c .= "A" x 1000;
$len += 1000;
print "Set-Cookie: data=$c\n";

print "Location: longcookie.cgi?len=$len\n";
print "\nmoo\n";
else {
printf "\nMax cookie length: %d\n", length($c);


Patrik Wallström said...

Maybe it would also be interesting to test this for the different HTTP-proxies out there as well.

Anonymous said...

Just the information I was seeking.

Anonymous said...

Some older IE versions would make this even better (although they probably also exceed the 4000 chars).

Thanks for posting :-)

Unknown said...

That's excellent. Trying to figure out something cool for logging page views.

Unknown said...

Thank you

Jim Manico said...

These limits have changed a lot over the past many years. Re-verify!