[Expand]General Information
[Expand]WinForms Controls
[Collapse]ASP.NET Controls and MVC Extensions
 [Expand]What's Installed
 [Collapse]Common Concepts
  [Expand]Web.config Modifications
  [Expand]Callback Exception Handling
  [Expand]Client-Side Functionality
  [Collapse]Cookies Support
    Cookie Limitations
  [Expand]Appearance Customization - Theming
   Icon Collection
  [Expand]Performance Optimization
  [Expand]CSS Image Sprites
   Data Annotation Attributes
   Supported Document Types
  [Expand]Accessibility Support
   Right to Left Support
   HTML Encoding
  [Expand]SharePoint Support
   Mobile Support
  [Expand]Office Document Management
   Cloud Storage Account Management
  [Expand]Web Farm and Web Garden Support
 [Expand]ASP.NET WebForms Controls
 [Expand]ASP.NET MVC Extensions
 [Expand]Redistribution and Deployment
  Get More Help
 [Expand]API Reference
[Expand]ASP.NET Bootstrap Controls
[Expand]ASP.NET Core Bootstrap Controls
[Expand]WPF Controls
[Expand]Xamarin Controls
[Expand]Windows 10 App Controls
[Expand]Office File API
[Expand]Report and Dashboard Server
[Expand]eXpressApp Framework
[Expand]eXpress Persistent Objects
[Expand]CodeRush Classic
[Expand]Cross-Platform Core Libraries
[Expand]Tools and Utilities
 End-User Documentation
View this topic on docs.devexpress.com (Learn more)

Cookie Limitations

Expanded What is a Cookie?

A cookie is a text file stored in the computer’s browser, which allows you to store and retrieve information on the client side. A web page instructs the browser to store information upon an initial visit, and when the user returns to the website the cookie is added to the HTTP header. Server side programs read this information to identify a user, and in some cases display customized content for that user.

A cookie contains the following data.

  • A name-value pair containing the actual data.
  • An expiry date after which it is no longer valid.
  • The domain and path of the serverto which it should be sent.

Note that according to the same origin policy, cookies can only be accessed by pages originating from the same site. For example, the domain, application layer protocol, and port number (for most browsers) must match.

Expanded Cookie Limitation Standard

Practical web browsers have limits on the number and size of cookies that they can store. According to the IETF cookie specification, web browsers should provide the following minimum requirements:

  • at least 300 cookies;
  • at least 4096 bytes per cookie;
  • at least 20 cookies per unique host or domain name.

The cookie specification recommends that applications use as few cookies as possible and as small a cookie as possible. Additionally, applications should be able to handle the loss of a cookie.


Refer to the RFC 2965 - Section 4.1.1 Syntax document to learn about allowed characters in cookies.

Expanded Browser Limitations

Actual cookie limitations vary from browser to browser. Each browser is limited by a per-domain cookie count and overall cookie size limit.

The table below illustrates these limitations based on the browser.

Browser Cookie count limit per domain Total size of cookies
Chrome 180 4096
Firefox 150 4097
Internet Explorer 50 5117
Opera 60 4096
Safari 600 4093

The following issues arise if cookies exceed the browser limit.

  • Any cookie that is set with a size greater than the limit is ignored (and not set).
  • The oldest cookie is removed once the limit has been reached in order to store the new cookie.
  • If the computer does not have sufficient space to store a cookie, it is discarded. The cookie is not truncated.

To support most browsers, cookies should not exceed 50 per domain, and total cookie size (across all cookies) should be less than or equal to 4093 bytes.

Expanded See Also

Is this topic helpful?​​​​​​​