I've looked online, but I can't find a concrete answer to this. I'm considering storing some data in the user's cookie, to be accessed by javascript. It's not sensitive information, so security isn't a problem.

Altogether, I'm looking at two strings, one of which would be about 100 characters long, and the other closer to 1000 or 1500. Is that too much?

Thanks!
--
Posted via http://www.ruby-forum.com/.

> I've looked online, but I can't find a concrete answer to this. I'm
> considering storing some data in the user's cookie, to be accessed by
> javascript. It's not sensitive information, so security isn't a
> problem.
>
> Altogether, I'm looking at two strings, one of which would be about
> 100 characters long, and the other closer to 1000 or 1500. Is that too
> much?

Now, how well all the browsers honor this I dunno, but I've always seen the "4k" rule mentioned...

http://tools.ietf.org/html/rfc2965

5.3 Implementation Limits

Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents SHOULD provide each of the following minimum capabilities individually, although not necessarily simultaneously:

* at least 300 cookies
* at least 4096 bytes per cookie (as measured by the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie2 header, and as received in the Set-Cookie2 header)
* at least 20 cookies per unique host or domain name

User agents created for specific purposes or for limited-capacity devices SHOULD provide at least 20 cookies of 4096 bytes, to ensure that the user can interact with a session-based origin server.

The information in a Set-Cookie2 response header MUST be retained in its entirety. If for some reason there is inadequate space to store the cookie, it MUST be discarded, not truncated.

Applications should use as few and as small cookies as possible, and they should cope gracefully with the loss of a cookie.

http://api.rubyonrails.org/classes/ActionController/Session/CookieStore.html:

This cookie-based session store is the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. Cookie-based sessions are dramatically faster than the alternatives.

On May 12, 5:33 pm, Philip Hallstrom <phi...-LSG90OXdqQE@public.gmane.org> wrote:
> > I've looked online, but I can't find a concrete answer to this. I'm
> > considering storing some data in the user's cookie, to be accessed by
> > javascript. It's not sensitive information, so security isn't a
> > problem.
> >
> > Altogether, I'm looking at two strings, one of which would be about
> > 100 characters long, and the other closer to 1000 or 1500. Is that too
> > much?
>
> Now, how well all the browsers honor this I dunno, but I've always
> seen the "4k" rule mentioned...
>
> http://tools.ietf.org/html/rfc2965
>
> 5.3 Implementation Limits
>
> Practical user agent implementations have limits on the number and
> size of cookies that they can store. In general, user agents' cookie
> support should have no fixed limits. They should strive to store as
> many frequently-used cookies as possible. Furthermore, general-use
> user agents SHOULD provide each of the following minimum capabilities
> individually, although not necessarily simultaneously:
>
> * at least 300 cookies
> * at least 4096 bytes per cookie (as measured by the characters that
>   comprise the cookie non-terminal in the syntax description of the
>   Set-Cookie2 header, and as received in the Set-Cookie2 header)
> * at least 20 cookies per unique host or domain name
>
> User agents created for specific purposes or for limited-capacity
> devices SHOULD provide at least 20 cookies of 4096 bytes, to ensure
> that the user can interact with a session-based origin server.
>
> The information in a Set-Cookie2 response header MUST be retained in
> its entirety. If for some reason there is inadequate space to store
> the cookie, it MUST be discarded, not truncated.
>
> Applications should use as few and as small cookies as possible, and
> they should cope gracefully with the loss of a cookie.

Thanks you two. I'd found the 4kb limit, but wasn't sure how that would come out in real-world usage - i.e., does Rails use up some of that space on its own, would the use of a secret and hash affect that... I also forgot to mention that I'm using Authlogic, which I believe would also take up some space.
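
An added example, not written by anyone in this thread and not Rails or Authlogic code: it measures how much of the 4096-byte budget a signed cookie uses once the data is serialized, Base64-encoded, signed and URL-escaped. The layout (Base64 of the marshalled data, `--`, hex HMAC-SHA256), the cookie name `_demo`, the secret and the hash keys are assumptions made for illustration.

```ruby
require 'openssl'
require 'uri'

COOKIE_LIMIT = 4096 # bytes per cookie, the RFC 2965 minimum quoted in the thread

# Constructed layout (an assumption, not the Rails or Authlogic source):
# strict Base64 of the marshalled data, "--", then a hex HMAC over that text.
def signed_value(data, secret)
  payload = [Marshal.dump(data)].pack('m0')
  digest  = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, payload)
  "#{payload}--#{digest}"
end

# Bytes the browser has to store: name, "=", and the URL-escaped value.
def cookie_bytes(name, data, secret)
  "#{name}=#{URI.encode_www_form_component(signed_value(data, secret))}".bytesize
end

def fits?(name, data, secret)
  cookie_bytes(name, data, secret) <= COOKIE_LIMIT
end

# Constant-time check of the digest, so a client-edited value is rejected.
def untampered?(value, secret)
  payload, digest = value.split('--', 2)
  return false if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, payload)
  return false unless digest.bytesize == expected.bytesize
  digest.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

SECRET = 'constructed-demo-secret' # sample value, not a real key
ASKED  = { 'short' => 'a' * 100, 'long' => 'b' * 1500 } # sizes from the question
LARGER = { 'short' => 'a' * 100, 'long' => 'b' * 3000 } # raw data still under 4096

if __FILE__ == $PROGRAM_NAME
  [ASKED, LARGER].each do |data|
    raw  = data.values.sum(&:bytesize)
    size = cookie_bytes('_demo', data, SECRET)
    puts "raw #{raw} bytes -> cookie #{size} bytes, fits: #{fits?('_demo', data, SECRET)}"
  end
end
```

The digest and separator add a fixed 66 bytes, while Base64 grows the serialized data by a third, so the second sample overflows even though its raw strings total 3100 bytes.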