What Are the Current Cookie Limits in Modern Browsers

What are the current cookie limits in modern browsers?

Here's a handy tool to test it: http://browsercookielimits.iain.guru/

It reveals quite a lot about the internal details regarding cookies. Click "Run Tests for Current Browser" for the results (it only takes a moment).

For example, I ran all tests for Google Chrome 10.0.648.134 beta:

22:23:46.639: Starting
22:23:47.345: Count: Max Cookie count with Character Length 3 and character "1": 180
22:23:50.131: Size: Max Cookie Character Length using character "1": 4096
22:23:52.347: Count: Max Cookie count with Character Length 4096 and character "1": 180
22:23:54.517: Size: Max Cookie Character Length using character "ÿ": 2049
22:23:57.450: Count: Max Cookie count with Character Length 2049 and character "ÿ": 180
22:23:59.41: Count: Max Cookie count with Character Length 100 and character "1": 180
22:24:0.535: Count: Max Cookie count with Character Length 10 and character "1": 180
22:24:2.88: Count: Max Cookie count with Character Length 5 and character "1": 180
22:24:2.886: Guessing Max Cookie Count Per Domain: 180
22:24:2.887: Guessing Max Cookie Size Per Cookie: 4096 bytes
22:24:2.887: Guessing Max Cookie Size Per Domain: NA

This answer is pretty old, but I just checked results for the latest Chrome version, and they're essentially the same.
Edit: updated the answers for Chrome 54.0.2840.98 (64-bit).

Maximum Cookie Size of current browsers (Year 2018)

The cookie spec definition in RFC6265 (April 2011) is the current RFC (No new draft and no new RFC) and is supported by all major browsers (IE,Chrome,Opera,Firefox) today.

  • At least 4096 bytes for the entire cookie (as measured by the sum of all of the cookie names, values, and attributes).

  • At least 50 cookies per domain, provided they don't go over the above limit.

  • At least 3000 cookies total.

So all modern browsers support AT LEAST this. Any other limit values are a gamble

See 6.1. Limits in https://datatracker.ietf.org/doc/rfc6265/ for more details

What is the maximum size of a cookie, and how many can be stored in a browser for each web site?

Firstly, I suggest you don't worry about this issue. There is AMPLE room to serialize tons of identifiers to.

Secondly it's not stored by web-server but by web-domain — e.g., www.google.com and not the 100's of different physical servers that serve the Google domain.

Thirdly if you do have to worry know that there are two possible cookie headers. The sizes of these cookie headers are determined by the browser software limits.

Design Discussion

What you don't want to use the cookie header for is sending details about a client's session. E.g., don't try to stuff the email a client is typing into a cookie if you are building an email front-end. Instead you would send the client a cookie that represents his identity+session: you store all sessions data against this identity. You can store tens of identifiers (4–16 bytes) per cookie header and no one needs more than say 4 of these. The cookies data (as an integer) tends to be encoded to base64 which increases the byte-count.

Performance

Your browser sends a plethora of headers to a web-server. The cookie is just another 100-1000 bytes (mostly closer to 100). At both extremes it takes only a fraction of time to send these to the web-server — when placed into context of course. You should keep in mind that the web is built on text based protocols.

chrome cookie size limit

Chrome supports HTML5 localStorage that allows you to use a dictionary style look up. You can use this to store larger amounts of data instead of passing them back and forth using cookies.

What is the cookie size limitation for IE9 and IE 10?

Related questions:

  • What are the current cookie limits in modern browsers?
  • What is the number and size of cookies allowed by major browsers?

IE10

Max size per cookie: 5117 chars

Max size per domain: 10234 chars

IE 9

(info missing)

According to this site (http://browsercookielimits.iain.guru/) (mirror here) IE8, 9 and 10 behave in the very same way.

In the doubt that this may be outdated, I ran the test with my version of IE (10.0.9200.16580) and got pretty consistent results:

17:34:29.657: Starting
17:34:29.706: Max Cookies with Character Length 3 and character "1": 50
17:34:30.776: Max Cookie Character Length using character "1": 5117
17:34:30.854: Max Cookies with Character Length 5117 and character "1": 2
17:34:31.911: Max Cookie Character Length using character "ÿ": 5117
17:34:31.985: Max Cookies with Character Length 5117 and character "ÿ": 2
17:34:32.66: Max Cookies with Character Length 100 and character "1": 50
17:34:32.148: Max Cookies with Character Length 10 and character "1": 50
17:34:32.228: Max Cookies with Character Length 5 and character "1": 50
17:34:32.273: Guessing Max Cookie Count Per Domain: 50
17:34:32.279: Guessing Max Cookie Size Per Cookie: 5117 characters
17:34:32.284: Guessing Max Cookie Size Per Domain: Between 10234 and 15350 characters
17:34:43.479: Starting to get Accurate Max Size Per Domain, may take awhile
17:34:45.539: Max Cookies Size Per Domain: 10234
17:34:45.579: Guessing Max Cookie Size Per Domain: 10234 characters

Sources:

  • http://www.jstorage.info/
  • http://browsercookielimits.iain.guru/
  • http://www.ghacks.net/2008/08/16/browser-cookie-limits/ (no info for IE though)
  • http://www.nczonline.net/blog/2008/05/17/browser-cookie-restrictions/

How much data can I store in a cookie

Here are the limits according to 'browser cookie limits':

Chrome & Firefox - No limit to the number of cookies; limit of 4096 bytes per cookie.

IE8-10 - 5117 characters per cookie; limit of 10234 characters.

Safari on Mac - 4093 bytes per cookie. Limit of 4093 bytes.

Safari Mobile - 4093 bytes per cookie. Limit of 4093 bytes.

Android - 4093 bytes per cookie. No limit.

Source:
http://browsercookielimits.x64.me/#limits

I'd say if you have a destkop application, to be bound by the limits of IE or even Safari if you have Mac users. If it is on the phone, than definitely just 4093 bytes. If you need more, you are going to save to the server or create two different experiences for Safari / IE and Firefox / Chrome users.

What happens if I exceed the limit of maximum cookies

Short Answer:

  1. If you exceed the limits per host/domain, the cookies simply won't be saved.

  2. If you exceed the total number of cookies, Your browser will alert you that the maximum number of cookies has been reached

Note that your question states that the max number of cookies per host is 20 and the total allowed is 300. However, this is not completely true. The number of maximum cookies is highly dependent on the Browser. For example,

  • Chrome 9 allowed 180 cookies per domain
  • Firefox 3.6.3 allowed 50 cookies per domain

As far as the RFC spec goes, the minimum requirements are:

  • at least 300 cookies
  • at least 4096 bytes per cookie
  • at least 20 cookies
    per unique host or domain name

This resource can help you test browser cookie limits. Also this SO post will shed some light on the design and performance aspect.

References: Cookie Limit per domain, Browser Cookie Restrictions


Related Topics

JavaScript Function Order: Why Does It Matter

Limit Concurrency of Promise Being Run

How to Replace Captured Groups Only

Is <Boolean Expression> && Statement() the Same as If(<Boolean Expression>) Statement()

How to Clone a JavaScript Object Except for One Key

How to Log All Events Fired by an Element in Jquery

Get Loop Counter/Index Using For…Of Syntax in JavaScript

Fulfill (Don't Resolve) Promise with Another Promise

Nodemailer with Gmail and Nodejs

Node.Js Shell Command Execution

Search Recursively for Value in Object by Property Name

How to Build Query String with JavaScript

How to Automatically Reload a Page After a Given Period of Inactivity

Watch Multiple $Scope Attributes

Generate HTML Table from 2D JavaScript Array

How to Filter JSON Data in JavaScript or Jquery

How to Get All Options of a Select Using Jquery

Javascript: Converting String to Number


Leave a reply



Submit