aspnet-11912-common-concepts-cookies-support.md
A cookie is a text file stored in the computer’s browser, which allows you to store and retrieve information on the client side. A web page instructs the browser to store information upon an initial visit, and when the user returns to the website the cookie is added to the HTTP header. Server side programs read this information to identify a user, and in some cases display customized content for that user.
A cookie contains the following data.
Note that according to the same origin policy , cookies can only be accessed by pages originating from the same site. For example, the domain, application layer protocol, and port number (for most browsers) must match.
Practical web browsers have limits on the number and size of cookies that they can store. According to the IETF cookie specification, web browsers should provide the following minimum requirements:
The cookie specification recommends that applications use as few cookies as possible and as small a cookie as possible. Additionally, applications should be able to handle the loss of a cookie.
Note
Refer to the RFC 2965 - Section 4.1.1 Syntax document to learn about allowed characters in cookies.
Actual cookie limitations vary from browser to browser. Each browser is limited by a per-domain cookie count and overall cookie size limit.
The table below illustrates these limitations based on the browser.
| Browser | Cookie count limit per domain | Total size of cookies |
|---|---|---|
| Chrome | 180 | 4096 |
| Firefox | 150 | 4097 |
| Opera | 60 | 4096 |
| Safari | 600 | 4093 |
The following issues arise if cookies exceed the browser limit.
Note
To support most browsers, cookies should not exceed 60 per domain, and total cookie size (across all cookies) should be less than or equal to 4093 bytes.
See Also
HTTP State Management Mechanism - Proposed Standard RFC 6265