****
... I just went ahead and wrote a CGI script that redirects to itself and grows a
cookie and stores its length in a URL field like "cookie.cgi?len=200" until
the length in the URL and the actual cookie length no longer matches.
Here's a few results from various browsers:
Firefox 3.0.12: 4000
Firefox 3.5: 4000
curl 7.19.5: 4999
IE 8: 5000
Opera 10.00 beta: 4000
Android 1.5 browser: 4000
Chrome 3.0.195.6: 4000
Wget 1.11.4: 7000[*]
mobile safari (iphone): 8000
lynx 2.8.7dev.9: 4000
I think we can safely say that most browsers support at least 4000 characters
cookie contents.
[*] = this reports "500 Internal Server Error" on 8000, which I don't
understand why but haven't bothered much more about.
The test is live here: http://daniel.haxx.se/test/longcookie.cgi Feel free to
use it if you want to try out other browsers, without torturing it of course!
And the perl script that runs it looks like this:
require "CGI.pm";
$len = CGI::param('len');
$c = CGI::cookie('data');
print "Content-Type: text/html\n";
if($len == length($c)) {
$c .= "A" x 1000;
$len += 1000;
print "Set-Cookie: data=$c\n";
print "Location: longcookie.cgi?len=$len\n";
print "\nmoo\n";
}
else {
printf "\nMax cookie length: %d\n", length($c);
}
6 comments:
Maybe it would also be interesting to test this for the different HTTP-proxies out there as well.
Just the information I was seeking.
Some older IE versions would make this even better (although they probably also exceed the 4000 chars).
Thanks for posting :-)
That's excellent. Trying to figure out something cool for logging page views.
Thank you
These limits have changed a lot over the past many years. Re-verify!
Post a Comment