http://wp.netscape.com/newsref/std/cookie_spec.html

There are limitations on the number of cookies that a client can store at any one
time. This is a specification of the minimum number of cookies that a client should
be prepared to receive and store.

1) 300 total cookies

2) 4 kilobytes per cookie, where the name and the OPAQUE_STRING combine to form the
4 kilobyte limit.

3) 20 cookies per server or domain. (note that completely specified hosts and
domains are treated as separate entities and have a 20 cookie limitation for each,
not combined)

Servers should not expect clients to be able to exceed these limits. When the 300
cookie limit or the 20 cookie per server limit is exceeded, clients should delete
the least recently used cookie. When a cookie larger than 4 kilobytes is encountered
the cookie should be trimmed to fit, but the name should remain intact as long as it
is less than 4 kilobytes.