http://api.rubyonrails.org/classes/ActionController/Session/CookieStore.html:
This cookie-based session store is the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. Cookie-based sessions are dramatically faster than the alternatives. On May 12, 5:33 pm, Philip Hallstrom <phi...@pjkh.com> wrote: > > I've looked online, but I can't find a concrete answer to this. I'm > > considering storing some data in the user's cookie, to be accessed by > > javascript. It's not sensitive information, so security isn't a > > problem. > > > Altogether, I'm looking at two strings, one of which would be about > > 100 > > characters long, and the other closer to 1000 or 1500. Is that too > > much? > > Now, how well all the browsers honor this I dunno, but I've always > seen the "4k" rule mentioned... > > http://tools.ietf.org/html/rfc2965 > > 5.3 Implementation Limits > Practical user agent implementations have limits on the number and > size of cookies that they can store. In general, user agents' cookie > support should have no fixed limits. They should strive to store as > many frequently-used cookies as possible. Furthermore, general-use > user agents SHOULD provide each of the following minimum capabilities > individually, although not necessarily simultaneously: > * at least 300 cookies > * at least 4096 bytes per cookie (as measured by the characters that > comprise the cookie non-terminal in the syntax description of the Set- > Cookie2 header, and as received in the Set-Cookie2 header) > * at least 20 cookies per unique host or domain name User agents > created for specific purposes or for limited-capacity devices SHOULD > provide at least 20 cookies of 4096 bytes, to ensure that the user can > interact with a session-based origin server. > The information in a Set-Cookie2 response header MUST be retained in > its entirety. If for some reason there is inadequate space to store > the cookie, it MUST be discarded, not truncated. > Applications should use as few and as small cookies as possible, and > they should cope gracefully with the loss of a cookie. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
