Java Reference
In-Depth Information
number and information limitation
A second limitation is on the number of cookies you can set on the user's computer for your
website and how much information can be stored in each. In older browsers, for each domain, it
was common that you could store only up to 20 cookies, and each
cookie pair
—that is, the name
and value of the cookie combined—must not be more than 4,096 characters (4KB) in size. It's also
important to be aware that all browsers do set some upper limit for the number of cookies stored.
When that limit is reached, older cookies, regardless of expiration date, are often deleted. Some
modern browsers have a 50‐cookie limit, though this may vary.
To get around the cookie limits, you can store more than one piece of information per cookie. This
example uses multiple cookies:
setCookie("Name", "Karen")
setCookie("Age", "44");
setCookie("LastVisit", "10 Jan 2001");
You could combine this information into one cookie, with each detail separated by a semicolon:
setCookie("UserDetails", "Karen;44;10 Jan 2001");
Because the
setCookie()
function escapes the value of the cookie, there is no confusion between the
semicolons separating pieces of data in the value of the cookie, and the semicolons separating the
parts of the cookie. When you get the cookie value back using
getCookieValue()
, you just split it
into its constituent parts; however, you must remember the order you stored it in:
var cookieValues = getCookieValue("UserDetails");
cookieValues = cookieValues.split(";");
alert("Name = " + cookieValues[0]);
alert("Age = " + cookieValues[1]);
alert("Last Visit = " + cookieValues[2]);
Now you have acquired three pieces of information and still have 19 cookies left in the jar. This
approach, however, is less than ideal, and you learn how to store data using newer technologies later
in this chapter.
Cookie seCuritY and ie
IE6 introduced a new security policy for cookies based on the P3P an initiative set up by the World
Wide Web Consortium (W3C). The general aim of P3P is to reassure users who are worried that
cookies are being used to obtain personal information about their browsing habits. In IE you can
select the Gear menu
➪
Internet Options and click the Privacy tab to see where you can set the level
of privacy with regards to cookies (see Figure 13-19). You have to strike a balance between setting
it so high that no website will work and so low that your browsing habits and potentially personal
data may be recorded.
Generally, by default session cookies—cookies that last for only as long as the user is browsing your
website—are allowed. As soon as the user closes the browser, the session ends. However, if you want
cookies to outlast the user's visit to your website, you need to create a privacy policy in line with the P3P
