ystrashnoy

Q: Regarding Safari cookie size problem (RFC 2109)

Latest Safari versions do not comply with RFC 2109 regarding cookie size.

 

RFC 2109 6.3  Implementation Limits

   Practical user agent implementations have limits on the number and
   size of cookies that they can store.  In general, user agents' cookie
   support should have no fixed limits.  They should strive to store as
   many frequently-used cookies as possible.  Furthermore, general-use
   user agents should provide each of the following minimum capabilities
   individually, although not necessarily simultaneously:

      * at least 300 cookies

      * at least 4096 bytes per cookie (as measured by the size of the
        characters that comprise the cookie non-terminal in the syntax
        description of the Set-Cookie header)

      * at least 20 cookies per unique host or domain name

   User agents created for specific purposes or for limited-capacity
   devices should provide at least 20 cookies of 4096 bytes, to ensure
   that the user can interact with a session-based origin server.

 

Latest Safari violates this RFC and has a 4 KB limit on the total size of all cookies for each domain.

It causes severe problems with many Web Applications including Web Applications which use Microsoft SAML2 federated security.

Safari must support up to 20 cookies per domain and each cookie must be at least 4096 bytes long.

 

Where can I get a fix for Safari?

 

This was tested with Safari for MS Windows, but people reported the same problem for many other platforms.

Safari, Windows Vista, applies to many OS

Posted on Jul 3, 2012 11:27 PM
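
The limits quoted in the question, turned into a check a site owner can run against the Set-Cookie values an application emits (an added example, not part of the original post). The function names, the sample cookies and the host app.example.test are constructed, and summing whole Set-Cookie values to model the per-domain cap the poster reports is an assumption.

```javascript
// Minimums a general-use user agent should provide (RFC 2109 section 6.3).
const RFC_MIN_BYTES_PER_COOKIE = 4096;
const RFC_MIN_COOKIES_PER_HOST = 20;
// Cap reported in the post above: 4 KB for all cookies of one domain.
const REPORTED_TOTAL_BYTES_PER_DOMAIN = 4096;

// Size of the RFC 2109 "cookie" non-terminal: NAME=VALUE plus its attributes.
function cookieBytes(setCookieValue) {
  return Buffer.byteLength(setCookieValue.trim(), "utf8");
}

// Domain attribute if present (leading dot dropped), otherwise the request host.
function cookieDomain(setCookieValue, requestHost) {
  const m = /;\s*domain\s*=\s*"?\.?([^;"\s]+)/i.exec(setCookieValue);
  return (m ? m[1] : requestHost).toLowerCase();
}

// Group Set-Cookie values by domain and compare them against both limits.
function auditCookies(setCookieValues, requestHost) {
  const byDomain = new Map();
  for (const raw of setCookieValues) {
    const domain = cookieDomain(raw, requestHost);
    const entry = byDomain.get(domain) || { domain, cookies: [], totalBytes: 0 };
    const bytes = cookieBytes(raw);
    entry.cookies.push({ name: raw.split("=", 1)[0].trim(), bytes });
    entry.totalBytes += bytes;
    byDomain.set(domain, entry);
  }
  return [...byDomain.values()].map((e) => ({
    ...e,
    // true: a user agent meeting the RFC minimums has to be able to store this set
    withinRfcMinimums:
      e.cookies.length <= RFC_MIN_COOKIES_PER_HOST &&
      e.cookies.every((c) => c.bytes <= RFC_MIN_BYTES_PER_COOKIE),
    // true: the set would not fit under the per-domain cap described in the post
    exceedsReportedTotalCap: e.totalBytes > REPORTED_TOTAL_BYTES_PER_DOMAIN,
  }));
}

// Constructed sample: a federated-login session token split over two cookies.
const sample = [
  "fed_session_0=" + "A".repeat(2000) + "; Path=/; Secure; HttpOnly",
  "fed_session_1=" + "B".repeat(2500) + "; Path=/; Secure; HttpOnly",
  "lang=en; Path=/",
];
function runSample() {
  return auditCookies(sample, "app.example.test");
}
console.log(JSON.stringify(runSample(), null, 2));
```

A domain that reports `withinRfcMinimums: true` together with `exceedsReportedTotalCap: true` is in the situation the question describes: each cookie is acceptable under the RFC minimums, but the set does not fit under a 4 KB per-domain total.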
