<rdar://problem/5949683>

Some custom apps might want the limitless cookies, whereas some apps might want *very* limited cookies or no cookies at all. It is unclear to me whether or not this should be fixed as a WebKit bug or if it is really an application policy (in which case it would be fixed in Safari by Apple, and this bug would be invalid). Thoughts?

Cookies are managed by Foundation and CFNetwork rather than WebKit, so it's likely that limiting cookies is something that will need to be handled at that level.

I agree completely, but someone would have to call to set the limitation - should that someone be WebKit or Safari? That was my question.

RFC2965 "HTTP State Management Mechanism" does not force any limit of cookies per domain, moreover it defines that user agents should not have any limits in this area: "5.3 Implementation Limits Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents SHOULD provide each of the following minimum capabilities individually, although not necessarily simultaneously: * at least 300 cookies * at least 4096 bytes per cookie (as measured by the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie2 header, and as received in the Set-Cookie2 header) * at least 20 cookies per unique host or domain name" [http://www.ietf.org/rfc/rfc2965.txt] In my opinion this report should be marked as WONTFIX.

This has been fixed for Safari running on SnowLeopard, Windows and on. We don't limit the number of cookies per domain, but instead limit the total size of the cookie header, because cookies must be a minimum of two characters plus a semi-colon per cookie the number is effectively limited.

Resolving per the above comment.