SMSession cookie length is not fixed because the information that it contains vary.
SMSession cookie will generally be between 800 bytes an 1K. Closer to 800 bytes generally speaking.
The SMSESSION cookie length is not fixed, it encrypt the following information:
SM_AGENTAPI_ATTR_USERDN SM_AGENTAPI_ATTR_SESSIONSPEC SM_AGENTAPI_ATTR_SESSIONID SM_AGENTAPI_ATTR_USERNAME SM_AGENTAPI_ATTR_CLIENTIP SM_AGENTAPI_ATTR_DEVICENAME SM_AGENTAPI_ATTR_IDLESESSIONTIMEOUT SM_AGENTAPI_ATTR_MAXSESSIONTIMEOUT SM_AGENTAPI_ATTR_STARTSESSIONTIME SM_AGENTAPI_ATTR_LASTSESSIONTIME
Because this information's length vary, so the SMSession cookie's length vary as well.
SMsession cookie will generally be between 800 bytes to 1K.
Closer to 800 bytes generally speaking. The length of a cookie will be dependent on the info which are in it (user DN for example, last SMSESSION update time etc).
The RFC for HTTP cookies specifies that servers should allocate no less than 4k for an HTTP cookie, so we use this as an upper maximum, but should never get close to that limit.
The SMSESSION cookie is encrypted by the Agent key.