RFC 2109 reccomends that the minimal cookie size supported by the client is 4096 bytes. This has become a pretty standard value, and if your server sends larger cookies than that it's considered a no-no. . CGI::Cookie::Splitter provides a pretty simple interface to generate small cookies that are under a certain limit, without wasting too much effort.