43
votes

What are the generic cookie limits for modern browsers, as of 2011? I'm particularly interested in:

  • Max size of a single cookie
  • Max number of cookies per host/domain name + path
  • Max number of cookies per host/domain name
  • Max number / max total size of all cookies in a given browser

I'm aware of RFC 2109, which specifies:

  • at least 300 cookies
  • at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
  • at least 20 cookies per unique host or domain name

but what are real-world specs?


4 Answers

67
votes

Here's a handy tool to test it: http://browsercookielimits.iain.guru/

It reveals quite a lot about the internal details regarding cookies. Click "Run Tests for Current Browser" for the results (it only takes a moment).

For example, I ran all tests for Google Chrome 10.0.648.134 beta:

22:23:46.639: Starting
22:23:47.345: Count: Max Cookie count with Character Length 3 and character "1": 180
22:23:50.131: Size: Max Cookie Character Length using character "1": 4096
22:23:52.347: Count: Max Cookie count with Character Length 4096 and character "1": 180
22:23:54.517: Size: Max Cookie Character Length using character "ÿ": 2049
22:23:57.450: Count: Max Cookie count with Character Length 2049 and character "ÿ": 180
22:23:59.41: Count: Max Cookie count with Character Length 100 and character "1": 180
22:24:0.535: Count: Max Cookie count with Character Length 10 and character "1": 180
22:24:2.88: Count: Max Cookie count with Character Length 5 and character "1": 180
22:24:2.886: Guessing Max Cookie Count Per Domain: 180
22:24:2.887: Guessing Max Cookie Size Per Cookie: 4096 bytes
22:24:2.887: Guessing Max Cookie Size Per Domain: NA

This answer is pretty old, but I just checked results for the latest Chrome version, and they're essentially the same. Edit: updated the answers for Chrome 54.0.2840.98 (64-bit).
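As an added example (not part of the original answer or the linked tool), here is a JavaScript pre-flight check of cookies against the limits reported above. It assumes a cookie's size is the UTF-8 byte length of `name=value`, which is consistent with the log, where the two-byte character "ÿ" allows about half as many characters as "1"; the host names, cookie names and helper names are constructed for illustration.

```javascript
// Added example: check cookies against browser limits before sending Set-Cookie.
// Defaults are the values measured in the log above (4096 bytes, 180 per domain).
const DEFAULT_LIMITS = { maxBytesPerCookie: 4096, maxCookiesPerHost: 180 };

// Assumption: the limit applies to the UTF-8 byte length of "name=value",
// not to the number of characters.
function cookieByteLength(name, value) {
  return new TextEncoder().encode(`${name}=${value}`).length;
}

// cookies: array of { host, name, value }. Returns one finding per problem.
function checkCookieBudget(cookies, limits = DEFAULT_LIMITS) {
  const findings = [];
  const namesPerHost = new Map();
  for (const c of cookies) {
    const bytes = cookieByteLength(c.name, c.value);
    if (bytes > limits.maxBytesPerCookie) {
      // An oversized cookie is not stored, so it does not count toward the host total.
      findings.push({ host: c.host, name: c.name, issue: "too-large", bytes });
      continue;
    }
    // Simplification: cookies are keyed by host and name (path is ignored here),
    // so a repeated name overwrites instead of adding to the count.
    if (!namesPerHost.has(c.host)) namesPerHost.set(c.host, new Set());
    namesPerHost.get(c.host).add(c.name);
  }
  for (const [host, names] of namesPerHost) {
    if (names.size > limits.maxCookiesPerHost) {
      findings.push({ host, issue: "too-many", count: names.size });
    }
  }
  return findings;
}

// Constructed sample input: one ASCII cookie, one multi-byte cookie,
// and 51 small cookies on a second host.
const sample = [
  { host: "app.example", name: "sid", value: "1".repeat(4000) },
  { host: "app.example", name: "prefs", value: "ÿ".repeat(2049) },
];
for (let i = 0; i < 51; i++) {
  sample.push({ host: "m.example", name: `k${i}`, value: "v" });
}

// Check against a stricter per-host limit of 50 cookies.
console.log(checkCookieBudget(sample, { maxBytesPerCookie: 4096, maxCookiesPerHost: 50 }));
```

A cookie that fails the size check is one the browser would not store, so a session or CSRF cookie that grows past the limit disappears without an error on the server side.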

9
votes

According to this thread, Firefox 3.5 raised the total limit for all hosts to 3000, and Chrome followed their lead. All I've found for IE is "at least 300".

Also, while regular Safari appears to be unlimited, Mobile Safari (iPod Touch 2G) has a limit of 50 cookies per host, as does Android Browser (Android 2.2).

3
votes

You may also want to take a look at JavaScript for client-side storage; it's a feature of HTML5 that allows several megabytes of data to be kept unseen on a visitor's PC.

Several variants exist; here's one with good documentation: http://www.jstorage.info/

Aside from Opera 10.10 and Safari-3, all mainstream browsers, including IE6, support the feature, though IE6 can only store 128kb as opposed to the 5 to 10 Mbytes that the more recent offerings can. Of course, how often older versions of Opera and Safari show up in the visitor logs varies with each site, so it may not be ideal for all.

0
votes

In Firefox >= 63, the max number of cookies per domain is 180, cf. the pref "network.cookie.maxPerHost". When it reaches the limit, it will drop stale cookies, then drop non-secure cookies. If nothing works, it will simply refuse the cookie (cf. netwerk/cookie/nsCookieService.cpp).