Use cookie-free domains drupal hosting

When things like YSlow and Page Speed tell you to set up cookie-less domains, what they actually mean is serve media from a domain where you won't be setting any, or have not set any (globally) in the past. Sometimes this can be accomplished by using sub-domains, such as media.domain.com. or static.domain.com. however if you set a cookie on domain.com that applies to the domain as a whole - a cookie for *.domain.com - then this cookie will be sent by the client back to the server on every request for every domain associated with domain.com. This includes all sub-domains.

Use cookie-free domains drupal hosting cookieless-domain    
                                                                                                                                                                                                                                                                                       
   answered Jul 31

The global cookie becomes an issue if you decide to forgo the use of www. on your domains. Without a specific sub-domain to set a cookie for, all cookies must be set for *.domain.com in order for them to work.

This global cookie issue is why you will see static media served from places like ytimg.com on YouTube. ytimg.com will never serve dynamic content that can set cookies, which means no cookie for will ever be sent from the client back to the server when these domains are part of HTTP requests.

If you are certain that you will never have a cookie set for *.domain.com then you can use a sub-domain for your needs. Be aware that most of the time if you integrate with another site or service via Javascript, they will set global domain cookies.

In Apache (and I'm sure every other webserver) you can set or unset headers before requests are answered. This will not fix the issue of the client sending the cookie to your server, but it will keep your domains from ever sending or initially setting cookies. Only a problem if you serve content that isn't static from your cookie-less domains, which defeats their purpose.

This will unset the headers for existing cookies and for creating new cookies. Again, only an issue if you serve content from your static domains that could potentially set a cookie. Place this in your site or virtualhost's configuration (which depending on your OS, server, and version could be any number of places).

answered Jul 31 '10 at 3:58

How do I specify that I don't want to use cookies?

It's not about what you need to do to have a cookieless domain - it's more about what you need to not do. To have a cookieless domain you have to make sure your application running on that domain doesn't set any cookies. This usually means not having logins, not having google analytics, not having sessions - i.e just serving media and nothing else. Obviously this depends on your setup.

One mistake I made recently was that I didn't make the distinction between a domain and a sub-domain. I started serving all my media from media.example.com thinking it was a cookieless domain but actually it is a sub -domain and I found many of my cookies from the main site www.example.com where being set at a domain level and therefore polluting my suppossedly cookieless sub-domain. Here is the link for how I solved that problem: https://serverfault.com/questions/160210/nginx-serve-static-content-from-a-cookieless-domain

Use cookie-free domains drupal hosting that could potentially set

answered Jul 31 '10 at 13:35

Related articles

Drupal hosting with sslHTTPS is a protocol which encrypts HTTP requests and their responses. This ensures that if someone were able to compromise the network between your computer and the server you are requesting...
Comment permalink drupal hostingThis set of screenshots grew out of a recent forum post on the Acquia Network forums. It walks through setting up a GoDaddy Linux hosting account to use Acquia Drupal. At the end of the process...
Best robots txt for drupal hostingEvery day, millions of people use Google Image Search to find pictures, products, and people. If you're using Drupal, chances are you're not getting any of this traffic. Drupal's robots.txt...
Field tools drupal hostingIntroduction An implementation of an effective search is one of the most difficult tasks in development, but it's also a key to success of many websites and applications. A quick search and...
All modules drupal hostingJanuary 31, 2017 I had started this series with a post about what features will be evaluated when selecting DIY Drupal hosting solutions. We shall start with the most simplest and earliest...