How big of a cookie can/should I create?

When users log into our site we retrieve an object from our database that contains various settings that are used throughout the site. In order to reduce server load from going back to our database each time the user interacts with our site, we are trying to think of alternative ways. (We serialize and deserialize the object when needed.) The object is likely to be <1MB but could vary.

  • How big of an object can we have in a session without significantly affecting performance?
  • How big of an object can we store in a cookie?
  • Are there any other alternatives (other than retrieving the data from our DB)?

  • The maximum allowed cookie size depends on the client. For example, an MSDN article from 2005 says that the whole cookie may have at least 4096 bytes available (including expiry date etc.). The RFC mentioned in the same article contains some more information regarding limitations:

    6.3 Implementation Limits

    Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents should provide each of the following minimum capabilities individually, although not necessarily simultaneously:

      • at least 300 cookies

      • at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)

      • at least 20 cookies per unique host or domain name

  • If your session data is not valuable (as in "shouldn't be lost in case of e.g. a reboot"), consider storing it in memcached. This is pretty fast and avoids accessing the DB just to get session data. You might actually want to consider using a mix of both: you could create a small cookie containing the session id and login information. Then a loss of your server-side sessions would not result in users being logged out, so the impact would be pretty low.


    An alternative to cookies is HTML5 local storage. It's not supported by old browsers, but if that doesn't matter to you it's a good option for user preferences. Keep in mind the following:

    1) The default limit is 5MB per domain (I think)
    2) If you store settings-type data in local storage, you still need to sync with a server, or else changing browsers will result in user settings not being present in the new browser.


    Cookie data is restricted to 4 KB.

      • 4 KB per cookie maximum
      • 300 total cookies, for a total of 1.2 Mbytes maximum
      • 20 cookies accepted from a particular server or domain

    Each cookie begins with a name-value pair. This pair is followed by zero or by more attribute-value pairs that are separated by semicolons. For one domain name, each cookie is limited to 4,096 bytes. This total can exist as one name-value pair of 4 kilobytes (KB) or as up to 20 name-value pairs that total 4 KB. If the computer does not have sufficient space to store the cookie, the cookie is discarded. It is not truncated. Applications should use as few cookies as possible and as small a cookie as possible. Additionally, applications should be able to handle the loss of a cookie.

    If a Web application uses more than 19 custom cookies, ASP session state may be lost. Internet Explorer 4.0 and later versions allow a total of 20 cookies for each domain. Because ASPSessionID is a cookie, if you use 20 or more custom cookies, the browser is forced to discard the ASPSessionID cookie and lose the session.
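
The mix suggested in the first answer (a small cookie holding the session id and login, with the settings object kept server-side) can be sketched as follows. This is an added example, not code from any of the answers; the dict standing in for memcached, the sample user record, the signing key and the function names are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

MAX_COOKIE_BYTES = 4096                 # per-cookie figure quoted in the answers above
SECRET_KEY = secrets.token_bytes(32)    # assumption: signing key held only by the server
CACHE = {}                              # assumption: stand-in for memcached
DATABASE = {"alice": {"theme": "dark", "page_size": 50}}  # constructed sample data


def _sign(payload: str) -> str:
    """HMAC over the cookie payload so client-side edits are detectable."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def login(user: str) -> str:
    """Cache the settings server-side and return a small signed cookie."""
    session_id = secrets.token_urlsafe(32)
    CACHE[session_id] = json.dumps(DATABASE[user])
    payload = f"{session_id}.{user}"
    cookie = (f"session={payload}.{_sign(payload)}; "
              "Path=/; HttpOnly; Secure; SameSite=Lax")
    if len(cookie.encode()) > MAX_COOKIE_BYTES:
        # Oversized cookies are discarded by the browser, not truncated.
        raise ValueError("cookie exceeds 4096 bytes")
    return cookie


def load_settings(cookie: str):
    """Verify the cookie, read the cache, fall back to the DB on a cache miss."""
    value = cookie.split(";", 1)[0].partition("=")[2]
    payload, _, signature = value.rpartition(".")
    expected = _sign(payload).encode()
    if not payload or not hmac.compare_digest(signature.encode(), expected):
        return None                     # malformed or tampered: treat as logged out
    session_id, _, user = payload.partition(".")
    cached = CACHE.get(session_id)
    if cached is None:                  # cache lost (e.g. reboot): reload once
        if user not in DATABASE:
            return None
        cached = json.dumps(DATABASE[user])
        CACHE[session_id] = cached
    return json.loads(cached)
```

The cookie stays at a few hundred bytes regardless of how large the settings object grows. The signed payload here carries no expiry, so a deployment would add one inside the signed part.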
