Sunday, November 27, 2016

Cookie limits - browser side

If you search the net for 'cookie limits', you'll find this site http://browsercookielimits.squawky.net/ (or variations of it). I was baffled that max total cookies size is a 'guess' within a fairly large interval. So I set to write my own version and hope to get more accurate numbers.

Here  is the result: http://alinconstantin.com/download/browsercookies/cookies.html

It turned out the limits guessed were accurate already (no variation interval was necessary). But it was interesting to learn more about cookies and javascript. Here are a few notes.
  • JavaScript support for cookies sucks, it's a weird mechanism. Setting a cookie is done by setting a property, document.cookie, but reading back that property returns all cookies set (just names and values, even though cookies set could have other properties like path or expiration dates)
  • If you set cookies from JavaScript, don't forget to remember the names of cookies set in a separate list! If you set cookies with values that go over the browser limit per domain, browsers like IE/Edge will clear up the property document.cookie, and you'd have no way to enumerate existing cookies (to know what to delete before being able to set new cookies). Fwiw, this behavior is browser dependent, Chrome/FireFox will drop oldest cookies instead...
  • IE support for JavaScript sucks. In IE11, string.startsWith(), string.repeat() are not implemented, delegates var f1 = () => {dosomething();} are not understood, etc. Edge is better in this regard.
  • Chrome is silly, not allowing using cookies when scripts are run from file:// locations.
  • IE & Edge have very low limits for total cookies size. You probably don't want to send 10k cookies with every http request, but I've seen websites hitting these limits... 15k would have been more reasonable (and closer to the 16k default limit of header sizes in server side). On the plus side, 5k per cookie is better than the ~4k of all other browsers (and I've seen websites hitting that limit in other browser, too)(
Anyway, here are the results for cookies limits for the major browsers as of writing this article:

Browser   Max bytes/cookie   Max cookies   Max total bytes for cookies
IE11 & Edge 5117 50 2*5117 = 10234
Chrome 54 4096 180 180*4096 = 737280
Firefox r50 4097 150 150*4097 = 614550
Opera 41 4096 180 180*4096 = 737280

No comments: