Cookie Limits

My Cookie Toolbox contains functionality allowing you to store multiple values in a cookie by treating them as entries in a one dimensional array. One reader queried this wondering why I didn't make allowance for two or even three dimensional arrays. Well there is a limit on how big a cookie can be and therefore on how much it can contain. Except where bit fields are to be stored there just isn't enough room in a cookie to store multi-dimensional arrays (or at least not very big arrays).

The maximum size that a cookie can be depends on which browser is being used. Since you normally have no control over which browser your visitors are using (unless your pages are on an intranet) you need to design your cookie usage to cater for the browser that sets the smallest size limit for cookies. By testing cookies of various sizes with all of the different browsers that I could find I have determined that they will all handle cookies of up to 4000 bytes but some browsers malfunction once cookies exceed that size.

The Your Favourites page of this site allows you to store up to ten entries in one cookie with each entry consisting of a name of up to 40 characters followed by a URL of up to 80 characters. These entries are stored alternately in a twenty element single dimensional array. Allowing for the overheads of separators as well as the fact that some characters need to be encoded (and therefore can take up to three bytes per character) means that each of the entries can potentially take up to 366 bytes or 3660 bytes in all which is as close as I wanted to go to the 4000 byte limit. Admittedly most characters don't require encoding and so will only take up one byte instead of three but as I have no control over what is actually entered I wanted to allow for the worst case situation.

So how many entries of various sizes can we fit into a cookie without any risk of it getting too big? Well we can fit 120 entries provided that each does average more for than thirty bytes (ie. 10 characters if anything is allowed or 30 characters if entry is limited to alphanumerics). If we can guarantee that all characters to be stored are alphanumeric and average no more than 10 characters in length then we can fit up to 300 entries into one cookie. If we want to store more in each entry then of course the maximum number of entries will be reduced accordingly.

If we are looking at storing a two dimensional array in a cookie then these maximums for the number of entries means that we might store an 11 x 11 array where each entry can be any ten characters or a 17 x 17 array where each entry can be any ten alphanumerics. Of course one dimension may have fewer entries in which case either the other can have more or the entries can be larger. With a three dimensional array we could have a 5 x 5 x 5 array with each entry being any nine characters or a 7 x 7 x 7 array with each entry being any eight alphanumerics. We could also fit a four dimensional array with 4 x 4 x 4 x 4 entries of not more than four characters each.

Given how few entries can be fitted into each dimension of a multidimensional array even when the entries are only a few characters long, the use of such arrays in a cookie would be a very specialized usage which is the answer to the query about why I didn't allow for multiple dimensional arrays.

Of course with my toolbox you don't have to store identical items in each element of the array, each can be used to store something different as long as you keep track of what you have stored in which entry.

So how can we get around the 4000 character limit for a cookie? Well we can have more than one cookie. In fact you can use up to twenty cookies on one web site. Since I used one cookie to store ten entries on my "Your Favourites" page I could use five cookies to store fifty entries. Another cookie to track when you have activated the delete function makes six cookies in all which is well under the twenty cookie per site limit allowing me to use cookies for other functions.

Of course if your site does use more than twenty cookies then provided that a visitor does not access anything causing more than twenty cookies to be saved to their computer then you still don't have a problem. Of course when someone saves a twenty first cookie from your site the first one saved will be automatically deleted.

Overall these limits don't give you scope for saving very much data on your visitor's computer but then for the most part it is poor practice to store much on their computer in the first place. A much better alternative is to use a database on the server to store the information that you need about each of your visitors. You then only need to store enough information in a single cookie to identify which database entry to read when that visitor returns to your site.


This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow