Number and size limits of a cookie in Internet Explorer

Article ID: 306070 - View products that this article applies to.
This article was previously published under Q306070
Expand all | Collapse all

SUMMARY

Microsoft Internet Explorer complies with the following RFC 2109 recommended minimum limitations:
  • at least 300 cookies
  • at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
  • at least 20 cookies per unique host or domain name
Note These recommended minimum limitations appear in RFC 2109, section 6.3, "Implementation Limits." For more information, see the "References" section.
Back to the top | Give Feedback

MORE INFORMATION

Each cookie begins with a name-value pair. This pair is followed by zero or by more attribute-value pairs that are separated by semicolons. For one domain name, each cookie is limited to 4,096 bytes. This total can exist as one name-value pair of 4 kilobytes (KB) or as up to 20 name-value pairs that total 4 KB. If the computer does not have sufficient space to store the cookie, the cookie is discarded. It is not truncated. Applications should use as few cookies as possible and as small a cookie as possible. Additionally, applications should be able to handle the loss of a cookie.

If a Web application uses more than 19 custom cookies, ASP session state may be lost. Internet Explorer 4.0 and later versions allow a total of 20 cookies for each domain. Because ASPSessionID is a cookie, if you use 20 or more custom cookies, the browser is forced to discard the ASPSessionID cookie and lose the session.

To store more than 20 name-value pairs for a domain, you can create a cookie dictionary by concatenating several name-value pairs for each cookie up to the 4,096-byte limit for that cookie. Currently, to retrieve these values from client-side scripting, you must parse the cookies manually. However, the Active Server Pages Request and Response objects include built-in functionality to work with cookie dictionaries as dictionary objects. The following sample code demonstrates the use of cookie dictionary in an ASP page: 
<%
   Response.Cookies ("MyCookie")("a")="A"
   Response.Cookies ("MyCookie")("b")="B"   
   Response.Cookies ("MyCookie")("c")="C"
   Response.Cookies ("MyCookie")("d")="D"
   Response.Cookies ("MyCookie")("e")="E"
   Response.Cookies ("MyCookie")("f")="F"
   Response.Cookies ("MyCookie")("g")="G"
   Response.Cookies ("MyCookie")("h")="H"
   Response.Cookies ("MyCookie")("i")="I"
   Response.Cookies ("MyCookie")("j")="J"
   Response.Cookies ("MyCookie")("k")="K"
   Response.Cookies ("MyCookie")("l")="L"
   Response.Cookies ("MyCookie")("a1")="A"
   Response.Cookies ("MyCookie")("b1")="B"   
   Response.Cookies ("MyCookie")("c1")="C"
   Response.Cookies ("MyCookie")("d1")="D"
   Response.Cookies ("MyCookie")("e1")="E"
   Response.Cookies ("MyCookie")("f1")="F"
   Response.Cookies ("MyCookie")("g1")="G"
   Response.Cookies ("MyCookie")("h1")="H"
   Response.Cookies ("MyCookie")("i1")="I"
   Response.Cookies ("MyCookie")("j1")="J"
   Response.Cookies ("MyCookie")("k1")="K"
   Response.Cookies ("MyCookie")("l1")="L"
  
   Response.Cookies("MyCookie").Expires = "12/31/2001"


    For Each strKey In Request.Cookies
      Response.Write strKey & " = " & Request.Cookies(strKey) & "<BR><BR>"
      If Request.Cookies(strKey).HasKeys Then
        For Each strSubKey In Request.Cookies(strKey)
          Response.Write "->" & strKey & "(" & strSubKey & ") = " & _
            Request.Cookies(strKey)(strSubKey) & "<BR>"
        Next
      End If
    Next
%>
Note In Internet Explorer 5.0 and later, you can use the userData behavior to persist data across sessions. This behavior has a greater capacity than cookies.

If you use the document.cookie property to retrieve the cookie on the client side, the document.cookie property can retrieve only 4,096 bytes. This byte total can be one name-value pair of 4 KB, or it can be up to 20 name-value pairs that have a total size of 4 KB.

The document.getcookie function calls the CDocument::GetCookie method in Microsoft HTML.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
820536
(http://support.microsoft.com/kb/820536/ )
Document.Cookie property returns an empty string
Back to the top | Give Feedback

REFERENCES

For more information about the RFC 2109 specifications, see the following Web sites:
Internet Engineering Task Force (IETF)
http://www.ietf.org/rfc/rfc2109.txt
(http://www.ietf.org/rfc/rfc2109.txt)


World Wide Web Consortium (W3C)
http://www.w3.org/Protocols/rfc2109/rfc2109
(http://www.w3.org/Protocols/rfc2109/rfc2109)
For more information about the Cookies collection, see the following Microsoft Developer Network (MSDN) Web site:
http://msdn.microsoft.com/en-us/library/ms525394(v=vs.90).aspx
(http://msdn.microsoft.com/en-us/library/ms525394(v=vs.90).aspx)
For more information about the userData behavior, see the following MSDN Web site:
http://msdn2.microsoft.com/en-us/library/ms531424.aspx
(http://msdn2.microsoft.com/en-us/library/ms531424.aspx)
For more information about cookies, see the following Cookie Central Web site:
http://www.cookiecentral.com/
(http://www.cookiecentral.com/)
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
157906
(http://support.microsoft.com/kb/157906/ )
How to maintain state across pages with VBScript
175167
(http://support.microsoft.com/kb/175167/ )
How to store State in Active Server Pages applications
For more information about developing Web-based solutions for Microsoft Internet Explorer, visit the following Microsoft Web sites:
http://msdn.microsoft.com/ie/
(http://msdn.microsoft.com/ie/)


http://support.microsoft.com/iep
(http://support.microsoft.com/iep)
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Back to the top | Give Feedback

Properties

Article ID: 306070 - Last Review: June 18, 2012 - Revision: 5.0
APPLIES TO
  • Microsoft Internet Explorer 4.01 Service Pack 1
Keywords: 
kbhowto KB306070
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top