According to the RFC 2109, web cookies should not be limited by user agents. But the minimum capabilities of a browser or user agent should be at least 4096 bytes per cookie. This limit is applied to the
name=value portion of the cookie only.
This means that if you're writing a cookie and the cookie is less than 4096 bytes, then it will be supported by every browser and user agent that conforms to the RFC.
But this is the minimum requirement according to the RFC. Some browsers may support longer cookies. In my testing I found:
- Internet Explorer 8 allowed cookies up to 4095 bytes
- Chrome 9 allowed cookies up to 4096 bytes
- Opera 11 allowed cookies up to 4096 bytes
- Firefox 3.6.3 allowed cookies up to 4097 bytes
- Safari 5 allowed coookies up to 4097 bytes
Based on that testing I recommend keeping your cookies to 4095 bytes or less.