SMSession cookie length is not fixed because the information that it contains vary.
SMSession cookie will generally be between 800 bytes an 1K. Closer to 800 bytes generally speaking.
The SMSESSION cookie length is not fixed, it encrypt the following information:
Because this information's length vary, so the SMSession cookie's length vary as well.
SMsession cookie will generally be between 800 bytes to 1K.
Closer to 800 bytes generally speaking. The length of a cookie will be dependent on the info which are in it (user DN for example, last SMSESSION update time etc).
The RFC for HTTP cookies specifies that servers should allocate no less than 4k for an HTTP cookie, so we use this as an upper maximum, but should never get close to that limit.
The SMSESSION cookie is encrypted by the Agent key.