我可以/应该创建多大的cookie? [英] How big of a cookie can/should I create?
问题描述
当用户登录我们的网站时,我们从数据库中检索一个对象,该对象包含在整个网站中使用的各种设置。为了减少服务器负载,每次用户与我们的网站交互时,回到我们的数据库,我们试图想到的替代方法。 (我们序列化和反序列化对象,当需要时)。
When users log into our site we retrieve an object from our database that contains various settings that are used throughout the site. In order to reduce server load from going back to our database each time the user interacts with our site, we are trying to think of alternative ways. (We serialize and de-serialize the object, when needed). The object is likely to be <1MB but could vary.
- 我们可以在一个会话中拥有多少对象,而不会显着影响性能?
- 我们可以在Cookie中存储多大的对象?
- 是否有其他替代方法(除了从我们的数据库检索数据)?
推荐答案
允许的最大Cookie大小取决于客户端。例如,来自2005年的 MSDN文章表示, cookie可能至少有4096字节可用(包括到期日等)。同一篇文章中提到的 RFC 包含一些有关限制的信息:
The maximum allowed cookie size depends on the client. For example, a MSDN article from 2005 says that the whole cookie may have at least 4096 bytes available (including expiry date etc). The RFC mentioned in the same article contains some more information regarding limitations:
6.3实现限制
6.3 Implementation Limits
实际的用户代理实现对数字和
大小有限制的cookie,他们可以存储。一般来说,用户代理的cookie
支持应该没有固定的限制。他们应努力将许多常用的cookie存储为
。此外,一般用户
用户代理应该单独地提供以下每个最小能力
,尽管不一定同时:
Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents should provide each of the following minimum capabilities individually, although not necessarily simultaneously:
-
至少300个Cookie
at least 300 cookies
每个Cookie至少有4096个字节(由组成Cookie的
个字符的大小衡量非终端语言
Set-Cookie头的描述)
at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
每个唯一主机或域名至少20个Cookie
at least 20 cookies per unique host or domain name
如果您的工作阶段资料无价值例如重新启动),请考虑将其存储在memcached中。这是相当快的,避免访问DB只是为了获取会话数据。您可能实际上想考虑使用两者的混合:您可以创建一个小的cookie包含会话ID和登录信息。然后,您的服务器端会话的丢失不会导致用户退出登录,因此影响会非常低。
If your session data is not valuable (as in "shouldn't be lost in case of e.g. a reboot"), consider storing it in memcached. This is pretty fast and avoids accessing the DB just to get session data. You might actually want to consider using a mix of both: You could create a small cookie containing the session id and login information. Then a loss of your server-side sessions would not result in users being logged out so the impact would be pretty low.
这篇关于我可以/应该创建多大的cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
