I’ve been writing about Cookies a lot recently, and also did so almost a decade ago.
Edge/IE cookie limits
The June 1018 Cumulative Updates increased the per-domain cookie limit from 50 to 180 for IE and Edge Legacy across Windows 7, Windows 8.1, and Windows 10 (TH1 to RS2). This higher limit matches Chrome’s cookie jar.
In IE/Edge Legacy, if the cookie length exceeds 10240 characters, document.cookie returns an empty string. (Cookies over 1023 characters can also lead to an empty document.cookie
string in the event of a race condition). Cookie strings longer than 10KB will still be sent to the server in the Cookie request header (up to 250KB for 50 cookies of 5k each!), although many servers will reject headers over 16kb in size.
In IE/Edge Legacy, the browser will ignore Set-Cookie headers over 5118 characters in length, and will suppress attempts to send individual cookies (name=value
) over that length.
Other Browsers
Firefox and Chromium, including the new Edge, has a limit of 4096 characters for the entire Set-Cookie
header value.
Test Page
At the time of this writing, there’s a nice test page that attempts to exercise cookie limits using the DOM.