Restrictions on number of cookies?

No it's definitely not the browser (I was testing in Firefox). I'm sure I checked MSIE and found I could also get 150 or so cookies on there.

I've ran the same script using CF 2016 on Win 10, Win 2008 and newly created Win 2016.

I do have a URL Rewrite and SSL certs on the Win 2016, so I've sent a rewrite to force it into HTTPS mode. As it's a Win 2016 server it has HTTP/2 over the SSL, so it delivers all those cookies in one go rather than individually. The script works fine, I can write or delete a 100 in HTTPS with no problem. It's when I drop to HTTP, and it's using HTTP1.1 that the problem occurs

As it works fine on the previous Win 2008 server (and Win 10), and I'm using the same CF settings (I literally exported from the 2008 into 2016), I have to presume that this is something to do with the newer IIS 10

Although I technically have the site working on the HTTP2 set up, I'd like to try and get to the bottom of it and see if it's a simple enough tweak so I know that it'll always work on HTTP, not that anybody could get it into HTTP now with the URL rewrite, so maybe I'm just wasting time, but I feel a need to get to the bottom of this one

Well IMHO forcing HTTPS is a win for you. It is quite common these days for sites to run over https and only https, and actually chrome has started marking sites that are not using https as "Not Secure" in the address bar. Check this site out for details on why it is a good thing: https://doesmysiteneedhttps.com/

It's a win for sure, as long as it's on HTTP/2 which it is now (Win 2016 IIS10), when I did it on Win 2008 it was horribly slow, causing CSS not to load quick enough and messing up pages. Thanks to HTTP/2 it's actually quicker to load over SSL than it is over the regular HTTP.

So technically the problem is resolved, but it is niggling me that it won't work on Win 2016. I was just told that Win 10 is also IIS10 so that threw a curve ball because I was pointing at IIS10 being the issue, but perhaps it has different settings on the server version.

You're right those warnings are everywhere, if you look on iOS and select a form that asks for email or password you'll get a big ugle red message warning the user, so it's pretty much a must these days

Have you considered using localStorage?

I've found that if I take all the information that is needed and place it in JSON format, I can access one single localStorage variable, parse what I need, and get going.  And to be sure, deleting a node of JSON would be much faster than deleting individual cookies.

Just my two cents.

V/r,

^ _ ^

I can not use JSON as it's a little complex, the cookies are read by some other JS built into some games, as they are used for authentication to play the game. If I start to change the format of how it's all stored it will upon up a can of endless re-coding and fixes.

In an ideal world I'd find out why it works on the 2008 and Win10, but not 2016.

Although it's working fine now on HTTP/2, I do see what might be an issue, the games are set to cache and I see on a reload I get a lot of 0ms load times on the cached images, but I also not it drops to HTTP/1.1, maybe that's the most efficient way to do it when there is all this caching going on, I don't have any server side control over this in IIS, and the first load is indeed HTTP/2.

With that being said, my concern is, what if it decides to drop to HTTP/1.1 somewhere else where the cookie handling is critical. I've tested it and it seems fine, but I'd sleep better knowing that the site performs (as it did before) perfectly well in HTTP/1.1 if the need arises

As for HTTP not allowing multiple cookies in a single request, is there a single site out there that only writes one cookie on a request?

I think the other post was about the RFP for HTTP 1.x not allowing multiple Cookie request headers. But as we all know, a single Cookie request header can contain multiple cookies expressed as name-value pairs.

Dave Watts, Fig Leaf Software

Ahh, gotcha