what is the maximum size of cookie? [closed]

Question

Cookies maximum size in rails application,as per rails guide it is 4 KB. http://guides.rubyonrails.org/security.html#session-storage

Answer 1

You are correct, as per the specs: http://web.archive.org/web/20070805052634/http://wp.netscape.com/newsref/std/cookie_spec.html

There are limitations on the number of cookies that a client can store at any one time. This is a specification of the minimum number of cookies that a client should be prepared to receive and store.

300 total cookies 4 kilobytes per cookie, where the name and the OPAQUE_STRING combine to form the 4 kilobyte limit.

20 cookies per server or domain. (note that completely specified hosts and domains are treated as separate entities and have a 20 cookie limitation for each, not combined)

Servers should not expect clients to be able to exceed these limits. When the 300 cookie limit or the 20 cookie per server limit is exceeded, clients should delete the least recently used cookie. When a cookie larger than 4 kilobytes is encountered the cookie should be trimmed to fit, but the name should remain intact as long as it is less than 4 kilobytes.

See also:

https://www.rfc-editor.org/rfc/rfc6265
https://www.rfc-editor.org/rfc/rfc2965