Open oxygen opened 8 years ago
In addition to compression, the PHP code should check if the cookie size exceeds 4093 bytes and throw an error or call some host app defined handler. Browsers will ignore the respective Set-Cookie header silently. Browsers limit between 4093 bytes and 4096 bytes per cookie (remember that some servers limit the entire header to small values like these).
brotli compresses better than gzip by about 22%. This comes in handy for cookies :)
Not sure if included in public repos yet
https://github.com/kjdev/php-ext-brotli
But it would be much better than gzip, when/if compression support is added.
Edit: Now included in public repos. https://centos.pkgs.org/7/remi-x86_64/php72-php-brotli-0.5.0-1.el7.remi.x86_64.rpm.html https://centos.pkgs.org/7/remi-x86_64/php70-php-brotli-0.5.0-1.el7.remi.x86_64.rpm.html etc.
Cookie size per domain is limited in some browsers and/or by web servers (when limited by a web server, the user would be forced to manually delete cookies before any more requests).
Before base64_encode, the data could be gzipped. It will reduce size to at least half, for non-binary data (arrays of text strings, ints, etc.). And it will provide some level of obfuscation.
Note: If you are ever considering adding encryption, encrypt after gzipping.
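The compress-then-encode step and the size check discussed in this thread, sketched as an added example (not code from the project or from any commenter). The function names, the 64 KiB inflate cap and the cookie attributes are assumptions; the payload is only compressed, not signed or encrypted, so it must still be treated as client-controlled when read back.

```php
<?php
declare(strict_types=1);

const COOKIE_MAX_BYTES = 4093;   // lowest per-cookie browser limit cited in the thread
const MAX_INFLATED     = 65536;  // assumed cap on decompressed size (the cookie is client-controlled)

function packCookieValue(array $data): string
{
    $json   = json_encode($data, JSON_THROW_ON_ERROR);
    $packed = gzdeflate($json, 9);            // raw DEFLATE: gzip's algorithm without the gzip header
    if ($packed === false) {
        throw new RuntimeException('compression failed');
    }
    return base64_encode($packed);
}

function unpackCookieValue(string $value): array
{
    $packed = base64_decode($value, true);    // strict mode rejects non-base64 input
    // The length cap makes gzinflate() fail instead of expanding a decompression bomb.
    $json = $packed === false ? false : @gzinflate($packed, MAX_INFLATED);
    if ($json === false) {
        throw new UnexpectedValueException('malformed or oversized cookie payload');
    }
    $data = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new UnexpectedValueException('cookie payload is not an array');
    }
    return $data;
}

function setPackedCookie(string $name, array $data, ?callable $onTooLarge = null): bool
{
    $value = packCookieValue($data);
    // setcookie() URL-encodes the value, so "+", "/" and "=" from base64 cost 3 bytes each.
    // Attributes are not counted here (assumption); leave headroom if your targets count them.
    $size = strlen($name) + 1 + strlen(urlencode($value));
    if ($size > COOKIE_MAX_BYTES) {
        if ($onTooLarge === null) {
            throw new LengthException("cookie '$name' is $size bytes, limit " . COOKIE_MAX_BYTES);
        }
        $onTooLarge($name, $size);            // host-app-defined handler
        return false;
    }
    return setcookie($name, $value, ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Constructed sample payload: round-trips through pack/unpack unchanged.
$sample = ['uid' => 42, 'roles' => ['editor', 'reviewer'], 'theme' => 'dark'];
var_dump(unpackCookieValue(packCookieValue($sample)) === $sample);
```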