HTTP Cookie - size

Wikipedia gives a very detailed overview of HTTP cookies (http://en.wikipedia.org/wiki/HTTP_cookie): their usage, advantages, disadvantages, etc. I was particularly curious about the size limitations of HTTP cookies. W3C has published specifications around the HTTP State Management Mechanism, which give further details about recommendations for browser and server implementers on the usage of cookies. According to the official version, it doesn't impose any upper limit on the user agent (browser) for handling cookies, though it says that a user agent should support at least 300 cookies, at least 4096 bytes per cookie, and at least 20 cookies per unique host or domain name.
If you think about this, it's relatively big storage: I can use 20*4096 bytes =~ 80KB of local storage per domain. Now, I wanted to make sure everything works as defined before I jump into a cookie-based application (like a database). So, I created a simple aspx page with the following code in it.

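<%
// Each page load adds a new cookie; the name changes with the current minute and second.
HttpCookie c = new HttpCookie(String.Format("CTest{0}{1}",DateTime.Now.Minute,DateTime.Now.Second),
    "onrujwog61jx%7CMUeqvE58dcrfTUP2ylgfKvrhdFV69%2Boy55%2FNHMPOiIYTkNRBeASWcn1oZlWrdi5WxAVYuez14YMN");
// Fixed expiry date makes this a persistent cookie.
c.Expires = new DateTime(2011, 1, 25);
Response.Cookies.Add(c);
%>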
Refresh the page multiple times and see what happens. (You could try this after increasing the size of one cookie to 5/6 kb, so you will see the problem within a few page reloads.) You will soon get the following message from your server.

Bad Request - Request Too Long


HTTP Error 400. The size of the request headers is too long
What happened here? I did not see a limitation on the user agent side. This is because most browsers support a larger number of cookies than the original specification requires. But what happened then? It is self-explanatory from the message, right? The size of the request header is too long! Almost all servers have a way to set this size limit per header. For example, Microsoft IIS has a configurable "MaxFieldLength" property, which sets the upper limit for each header. See the details here: http://support.microsoft.com/kb/820129
The default value for MaxFieldLength in IIS is 16 bytes. So if you try to send cookies with a total size of more than 16 bytes, the server will return a 400 status code. I did the same experiment with an Apache server, for which the default limit was found to be 8 bytes, which is, of course, configurable based on your requirements.
Now, I just want you all to be a little careful while using cookies. If you ever allow your code to create cookies with a total size larger than the limit set by the server, then you are in trouble: you will be kicking your users out of the site. This is especially true for persistent cookies: most ordinary users don't understand what this message means, and they will not clear the cookies to continue with the site. So be careful with your cookies, and safe coding ahead!
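
One way to keep the total under the server's limit, as an added example that is not part of the original post: it models the Cookie request header growing with each reload of the test page and checks a new cookie against a per-header limit before it is set. The class and method names, the 4000-character value and the 16384-byte limit are assumptions made for the demo; only the header value is counted, so leave some margin.

```csharp
using System;
using System.Text;

static class CookieBudget
{
    // Cookie header value after the browser also stores name=value
    // (pairs in the request header are joined with "; ").
    public static string Append(string header, string name, string value)
    {
        string pair = name + "=" + value;
        return string.IsNullOrEmpty(header) ? pair : header + "; " + pair;
    }

    // True when the header value, with the new cookie included, still fits
    // under the server's per-header limit.
    public static bool Fits(string header, string name, string value, int limitBytes)
    {
        return Encoding.UTF8.GetByteCount(Append(header, name, value)) <= limitBytes;
    }

    // Replays the test page: one more cookie per reload, until the next
    // request would be rejected. Returns how many cookies were accepted.
    public static int CookiesUntilRejected(string value, int limitBytes)
    {
        string header = "";
        int accepted = 0;
        while (Fits(header, "CTest" + accepted, value, limitBytes))
        {
            header = Append(header, "CTest" + accepted, value);
            accepted++;
        }
        return accepted;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed inputs: a 4000-character cookie value and a demo limit.
        // Use the per-header limit actually configured on your server.
        string value = new string('x', 4000);
        int limitBytes = 16384;
        int n = CookieBudget.CookiesUntilRejected(value, limitBytes);
        Console.WriteLine("Cookies accepted before the header exceeds the limit: " + n);

        // Guard to run before Response.Cookies.Add(c): pass the incoming Cookie header.
        string incoming = CookieBudget.Append("", "CTest0", value);
        Console.WriteLine("Safe to add another: " + CookieBudget.Fits(incoming, "CTest1", value, limitBytes));
    }
}
```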
