HTTP protocol limits on URI length, post data length, and cookie length

HTTP protocol limits on URI length, post data length, and cookie length

1. URL length limit

In the Http1.1 protocol, there is no limit to the length of the URL, as described in the RFC protocol, the HTTP protocol does not limit the length of the URI, the server must be able to handle any of the services they provide a more acceptable URI, and be able to handle an infinite length of the URI, If the server cannot handle a long URI, then the 414 status code should be returned.
Although the HTTP protocol specifies, the Web server and browser have their own length limits for URIs.
Server restrictions: I touch the most server type is Nginx and Tomcat, for the length limit of the URL, they are controlled by the length of the HTTP request header to limit, nginx configuration parameter is large_client_header_buffers, Tomcat's request configuration parameter is maxhttpheadersize and can be set on its own.
Browser restrictions: Each browser also has a limit on the length of the URL, the following are the URL length restrictions for several common browsers: (in characters)

ie:2803

firefox:65536

chrome:8182

safari:80000

opera:190000

For GET requests, there is no limit to the number of parameters requested within the length limit of the URL.

2. Length limit for post data

The length limit of the post data is similar to the URL length limit, and there is no specified length limit in the HTTP protocol, and the length limit can be implemented in a way that configures the maximum HTTP request header length on the server side.

3. Limitations on the length of cookies

The length limit of a cookie is summed up in so many ways.
(1) The maximum number of cookies allowed by the browser for each domain, not to test themselves, the information found on the Internet is probably the case

IE: Originally 20, then upgraded to 50

Firefox:50 A

Opera:30 A

Chrome:180 A

Safari: Unlimited

Browser behavior when the number of cookies exceeds the limit: IE and opera use the LRU algorithm to erase old, infrequently used cookies, and Firefox's behavior is to randomly kick out the values of certain cookies. Of course, no matter what the strategy, try not to let the number of cookies exceed the scope allowed by the browser.
(2) Maximum length of each cookie allowed by the browser

Firefox and safari:4079 bytes

opera:4096 bytes

ie:4095 bytes

(3) The limit of the length of the HTTP request header in the server. Cookies are attached to each HTTP request header for delivery to the server and are therefore also affected by the length of the server's request header.

