Claims based authentication and authorization is a standard approach to managing a user's privileges on components of a system. In short, a trusted party creates and signs a set of privileges, commonly referred to as a token, which other components can trust after validating the signature. In the case of a web page, using cookies to store such claims provides a simple way of transmitting the claim base authentication and authorization between calls and pages in web based applications. However, by using cookies certain restrictions on the size of the claim are imposed. Cookies cannot be larger than 4 kilobytes. Further for any given domain a user is limited to a maximum of 20 cookies. If the user exceeds this number of cookies then no more cookies can be provided for the user. In a web based applications such as web service, a user may be associated with a large number of accounts, and thus have large numbers of privileges to those accounts. This results in keeping the user's claim to a the limited size is extremely difficult.