Friday, February 20, 2009

bad programmer, no cookie!

One of the things I've been thinking about while trying to optimize the website we've been working on is cookies. One of the issues with a non-www site is that it generally is the root domain, so any cookie issued by the root domain results in the browser sending that cookie with all subsequent requests (even requests to a sub-domain and for static content). So, let's say you have a site hosted at http://example.com and all the static content is served through a sub-domain (say http://cdn.example.com) by a CDN: any cookies set by example.com have to be sent to cdn.example.com, even though the static content hosted at the CDN doesn't need the cookies set by the root domain.

Most of the perf guides that I've read recommend using a cookie-less domain, either by hosting the main site on a www subdomain or by using a new domain altogether for serving the static content. Using the www or non-www version is sometimes a corporate choice (which might be influenced by the company's branding, as in our case), and using a different "cookie-less" domain might run you into XSS limitations of the browser. So, wouldn't it be nice if I could give the browser some kind of hint, using a meta tag, as to when not to send the cookies? For instance, if I want to exclude a sub-domain from receiving any parent domain's cookies, I could do:
<meta name="no-cookies" content="cdn.example.com,cdn1.example.com...">
And, in case I want to exclude certain file types on the same parent domain itself from receiving any cookies, I could do:
<meta name="no-cookies-for-files" content="jpg,js,css...">
The second meta tag would ensure that the browser doesn't send back cookies for any (static) content which doesn't need them, even though the content is served by the same domain. The no-cookies-for-files list has to be file-extension based instead of MIME based because, to figure out the MIME type, the browser has to make a request first. We can extend this idea even further, but I guess adding support for these two meta tags (call them anything you wish) would be great!
thoughts?
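
The cookie scoping behind the problem described above, as an added example that is not part of the original post: it models the RFC 6265 domain rules (public-suffix checks omitted) and shows which requests carry a cookie scoped to the root domain versus a host-only cookie set by www. All hostnames, cookie names and function names are constructed for illustration.

```javascript
// Added example: RFC 6265 cookie scoping, reduced to the domain rules.
// Hostnames and cookie names are constructed; public-suffix checks are omitted.

// RFC 6265 section 5.1.3: host domain-matches cookieDomain if they are equal,
// or if host ends with "." + cookieDomain and host is not an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Store a cookie as a browser would when `setterHost` sends Set-Cookie.
// domainAttr === null means no Domain attribute: the cookie is host-only.
function storeCookie(jar, setterHost, name, domainAttr) {
  if (domainAttr === null) {
    jar.push({ name, domain: setterHost.toLowerCase(), hostOnly: true });
    return true;
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server may only scope a cookie to its own host or a parent of it.
  if (!domainMatches(setterHost, domain)) return false;
  jar.push({ name, domain, hostOnly: false });
  return true;
}

// Names of the cookies attached to a request for `requestHost`.
function cookiesFor(jar, requestHost) {
  const host = requestHost.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? host === c.domain : domainMatches(host, c.domain)))
    .map(c => c.name)
    .sort();
}

function demoJar() {
  const jar = [];
  storeCookie(jar, "example.com", "session", "example.com"); // scoped to root
  storeCookie(jar, "www.example.com", "prefs", null);        // host-only on www
  return jar;
}

for (const host of ["example.com", "www.example.com", "cdn.example.com", "static-example.net"]) {
  console.log(host.padEnd(20), cookiesFor(demoJar(), host).join(", ") || "(none)");
}
```

The root-scoped `session` cookie rides along on every request to cdn.example.com, while the host-only cookie set by www and any request to the separate static domain stay clean, which is why the perf guides recommend those two layouts.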
