Pylons / pyramid

Pyramid - A Python web framework
https://trypyramid.com/

Can the hardcode limit for cookie length be removed or adjusted? #3715

Closed Clam- closed 2 years ago

Clam- commented 2 years ago

Is your feature request related to an issue? Please describe.
Seems pretty archaic to limit to 4KB. Sometimes I just want to quickly and messily store a bunch of client-side data temporarily.

Describe the solution you'd like
It would probably be best if the cookiefactory could be given an argument that sets a custom cookie length size limit.

Describe alternatives you've considered
Sure, I could implement saner client-side storage options, but I just want to get a thing done quick.

Additional context
If this seems likely to be accepted, I'm happy to make a pull request for it and such.

Clam- commented 2 years ago

Just for reference, here is the current hardcoded limit: https://github.com/Pylons/pyramid/blob/master/src/pyramid/session.py#L327

Clam- commented 2 years ago

Okay, turns out in this instance I was getting ahead of myself. I don't actually need this increased; however, if the desire is still there, I don't mind implementing a thing.

mmerickel commented 2 years ago

4k is a little aggressive, but 8k is still a norm (default on nginx for header size).

I'd be totally open to adding a config argument for this if you want to work on that, but I don't think we should change the default.

digitalresistor commented 2 years ago

4096 bytes is the max set by the RFCs. It's not a limit we picked arbitrarily.

digitalresistor commented 2 years ago

https://chromestatus.com/feature/4946713618939904

Clam- commented 2 years ago

Ooh I see. That makes sense. I wasn't aware it had been standardized. All good then, I'll close this and try not to jump the gun in future. Thanks for the information.

digitalresistor commented 2 years ago

No worries! Just wanted to provide context before you did a bunch of work.

mmerickel commented 2 years ago

Oops I forgot about that limit too. My solution years ago when I wrote an app that was storing too much data in the session was to write a BigCookie impl that would split the data into multiple cookies. At that point you run into the header limits I referenced earlier but it’s solvable. Or just switch to a server side session.
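
The multi-cookie approach mentioned in the last comment, as an added example (not mmerickel's BigCookie implementation and not Pyramid code): the serialized session is signed once over the whole payload, then split, so a dropped, stale or altered chunk fails verification on reassembly. The function names, the `name.N` cookie naming, the JSON plus HMAC-SHA256 format and `ATTR_RESERVE` are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json

MAX_COOKIE = 4096   # per-cookie limit cited in the thread
MAX_HEADER = 8192   # nginx default header size cited in the thread
ATTR_RESERVE = 64   # assumption: room for Path/Secure/HttpOnly/SameSite attributes
MAX_CHUNKS = 8      # assumption: sanity bound on the client-supplied chunk count


def split_session(data, secret, name="session"):
    """Sign the whole serialized session once, then split it across cookies."""
    payload = base64.urlsafe_b64encode(json.dumps(data).encode())
    blob = hmac.new(secret, payload, hashlib.sha256).hexdigest().encode() + payload
    size = MAX_COOKIE - ATTR_RESERVE - len(name) - 8  # 8 covers "=", "." and index
    chunks = [blob[i:i + size] for i in range(0, len(blob), size)]
    cookies = {name: str(len(chunks))}
    for i, chunk in enumerate(chunks):
        cookies[f"{name}.{i}"] = chunk.decode()
    # The browser returns every chunk in a single Cookie request header.
    header_len = len("; ".join(f"{k}={v}" for k, v in cookies.items()))
    if header_len > MAX_HEADER:
        raise ValueError(f"session needs {header_len} header bytes; "
                         "use a server-side session instead")
    return cookies


def join_session(cookies, secret, name="session"):
    """Reassemble and verify; None on any missing, stale or altered chunk."""
    try:
        count = int(cookies[name])
        if not 1 <= count <= MAX_CHUNKS:
            return None
        blob = "".join(cookies[f"{name}.{i}"] for i in range(count)).encode()
    except (KeyError, ValueError):
        return None
    sig, payload = blob[:64], blob[64:]  # 64 hex chars of HMAC-SHA256
    expected = hmac.new(secret, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    # Decode only after the signature check, so unauthenticated bytes are never parsed.
    return json.loads(base64.urlsafe_b64decode(payload))
```

Browsers store and expire each cookie independently, which is why the signature covers the joined payload rather than each chunk.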