سلام
?
1.حداکثر حجمی که 1 کوکی میتونه داشته باشه؟

2.حداکثر تعداد کوکی هایی که هر دامین میتونه برای 1 کلاینت بسازه؟

و مانند هر دو سئوال فوق برای Session

با سپاس

در مورد کوکی:


There are limitations on the number of cookies that a client can store at any one time. This is a specification of the minimum number of cookies that a client should be prepared to receive and store.


300 total cookies

4 kilobytes per cookie, where the name and the OPAQUE_STRING combine to form the 4 kilobyte limit.

20 cookies per server or domain. (note that completely specified hosts and domains are treated as separate entities and have a 20 cookie limitation for each, not combined)

Servers should not expect clients to be able to exceed these limits. When the 300 cookie limit or the 20 cookie per server limit is exceeded, clients should delete the least recently used cookie. When a cookie larger than 4 kilobytes is encountered the cookie should be trimmed to fit, but the name should remain intact as long as it is less than 4 kilobytes.



منبع (http://wp.netscape.com/newsref/std/cookie_spec.html)

در مورد Session:

Problems with ASP Session State

ASP developers know session state as a great feature, but one that is somewhat limited. These limitations include:

Process dependent. ASP session state exists in the process that hosts ASP; thus the actions that affect the process also affect session state. When the process is recycled or fails, session state is lost.
Server farm limitations. As users move from server to server in a Web server farm, their session state does not follow them. ASP session state is machine specific. Each ASP server provides its own session state, and unless the user returns to the same server, the session state is inaccessible. While network IP level routing solutions can solve such problems, by ensuring that client IPs are routed to the originating server, some ISPs choose to use a proxy load-balancing solution for their clients. Most infamous of these is AOL. Solutions such as AOL's prevent network level routing of requests to servers because the IP addresses for the requestor cannot be guaranteed to be unique.
Cookie dependent. Clients that don't accept HTTP cookies can't take advantage of session state. Some clients believe that cookies compromise security and/or privacy and thus disable them, which disables session state on the server.These are several of the problem sets that were taken into consideration in the design of ASP.NET session state.
ASP.NET Session State

ASP.NET session state solves all of the above problems associated with classic ASP session state:

Process independent. ASP.NET session state is able to run in a separate process from the ASP.NET host process. If session state is in a separate process, the ASP.NET process can come and go while the session state process remains available. Of course, you can still use session state in process similar to classic ASP, too.
Support for server farm configurations. By moving to an out-of-process model, ASP.NET also solves the server farm problem. The new out-of-process model allows all servers in the farm to share a session state process. You can implement this by changing the ASP.NET configuration to point to a common server.
Cookie independent. Although solutions to the problem of cookieless state management do exist for classic ASP, they're not trivial to implement. ASP.NET, on the other hand, reduces the complexities of cookieless session state to a simple configuration setting.Let's look at each of these features in more detail, including how the settings are configured.


منبع (http://msdn2.microsoft.com/en-us/library/ms972429.aspx)