Bipin Sasi: Techie, author of the book Leadership Puzzles. You can follow me on X (formerly called Twitter) @BipinSasi

STORAGE CAPACITY OF HTTP COOKIES

Assuming we decide to use cookies to persistently store arbitrary data on the client, how much data could we actually store? Well, RFC2109 defines how user agents and Web servers should implement cookie handling. It states, “in general, user agents’ cookie support should have no fixed limits.” However, unlimited client-side storage isn’t reasonable for all devices, especially mobile devices with small storage capacity. The RFC does come down from its ivory tower of what should happen and gives some practical advice. It states that user agents “should provide at least 20 cookies of 4096 bytes, to ensure that the user can interact with a session-based origin server.”

Unfortunately, the RFC is vague as to whether this means at least 20 cookies per domain with no more than 4096 bytes per cookie, or whether this means at least 20 cookies per domain and no more than 4096 bytes of shared space for all of the cookies in that domain. As is often the case with vague RFCs, the major browsers implemented cookies differently. Firefox allows a maximum of 4096 bytes for each cookie, and up to 50 cookies per domain. Internet Explorer allows up to 4096 bytes total, spread over a maximum of 20 cookies. This means you can have one cookie with 4096 bytes or 20 cookies with 204 bytes, but the cumulative size of all cookies for a domain cannot be larger than 4096 bytes. Actually, IE limits you even from using the full 4K. The length of the name and the length of the data combined, excluding the equals sign, must be less than 4094 bytes. This means IE is the lowest common denominator and thus Web sites can only safely store 4094 bytes per domain using cookies.

As we have stated again and again, cookies were never intended to provide a mechanism for long-term data storage on the client. In addition to low storage capacity, this leads to another problem as well. Consider the cookie storage Web application shown in

This application allows a user to store short notes persistently in a cookie on his local machine. In this case we are storing a quotation. Because the quotation is stored in a cookie, it is automatically added to every outgoing Web request that’s applicable for the cookie attributes. Figure 8-10 shows an HTTP proxy inspecting the Web browser’s requests.

We can see that our quotation has been appended to a request for a style sheet. In fact, we will repeatedly send the quote to the server attached to every Web request we make. Every image we fetch, every external JavaScript, even every XMLHttpRequest we make. Even if we use the Path attribute of the cookie to try to minimize which requests send the quotation along, we are still spamming the server with needless information. Depending on how your Ajax application is designed, most of your XMLHttpRequests will likely be going back to the same directory the application is hosted in, thus preventing you from using Path to strip your XMLHttpRequests of the client-side storage cookies.
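
The upload overhead described above can be measured. The following is an added example, not code from the original article: it totals the cookie bytes a browser would attach during one constructed page load and checks a cookie set against the 4094-byte figure given earlier. The path-match rule is taken from RFC 6265 section 5.1.4 (an assumption, since the article cites only RFC2109), and all names, paths and sizes are constructed.

```javascript
// Added example; the note cookie and request paths are constructed sample data.
const DOMAIN_BUDGET = 4094; // the article's lowest-common-denominator figure (IE)
const utf8Len = (s) => new TextEncoder().encode(s).length;

// Name and value combined, excluding the equals sign, as the article counts it.
function cookieSize(c) {
  return utf8Len(c.name) + utf8Len(c.value);
}

// True when all cookies for one domain together stay under the budget.
function fitsBudget(cookies) {
  return cookies.reduce((n, c) => n + cookieSize(c), 0) < DOMAIN_BUDGET;
}

// RFC 6265 path-match: identical, or a prefix that ends at a "/" boundary.
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// For each request path, the size of the "name=value; ..." Cookie header value.
function uploadOverhead(cookies, requestPaths) {
  return requestPaths.map((path) => {
    const sent = cookies.filter((c) => pathMatches(c.path, path));
    const header = sent.map((c) => `${c.name}=${c.value}`).join('; ');
    return { path, bytes: utf8Len(header) };
  });
}

function totalBytes(cookies, requestPaths) {
  return uploadOverhead(cookies, requestPaths).reduce((n, r) => n + r.bytes, 0);
}

// Constructed sample: a 600-byte note scoped with Path=/app/, and one page load.
// The XMLHttpRequest target /app/api/save sits under the same directory, so
// Path cannot exclude it; only the request outside /app/ goes without the cookie.
const note = { name: 'note', value: 'q'.repeat(600), path: '/app/' };
const pageLoad = ['/app/index.html', '/app/style.css', '/app/logo.png',
                  '/app/api/save', '/static/lib.js'];

console.log(uploadOverhead([note], pageLoad));
console.log('cookie bytes uploaded in one page load:', totalBytes([note], pageLoad));
console.log('within the per-domain budget:', fitsBudget([note]));
```
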
