Is it possible to prevent cookies from being sent in every HTTP request?


Solution 1

Browsers

It is not possible to prevent browsers from sending cookies.

This is why it is generally recommended (Yahoo developer best practice, see section "Use Cookie-free Domains for Components") to serve static content like CSS and images from a different domain that is cookie-free.

When the browser makes a request for a static image and sends cookies together with the request, the server doesn't have any use for those cookies. So they only create network traffic for no good reason. You should make sure static components are requested with cookie-free requests. Create a subdomain and host all your static components there.


Programmatically

From any programming language, instead, you can choose whether to send cookies or not.

Cookie management is done by the programmer, because libraries are written to make single requests.

So if you make a first request that returns cookies, you need to explicitly read them, hold them locally somewhere, and eventually put them in a second request to the same server if you need to.

So from Node.js, if you don't explicitly add cookies to your requests, the HTTP call doesn't hold them.
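
The manual cookie handling described above, as an added example that is not code from the original answer: a minimal jar a Node.js client could keep between requests, which also shows why a cookie set without a Domain attribute never reaches the static subdomain. `CookieJar`, its methods and the sample headers are hypothetical, and only the Domain attribute is modelled (no Path, Secure, expiry or public-suffix checks).

```javascript
// Minimal explicit cookie jar (added example; all names are hypothetical).
// Models only the Domain attribute rules of RFC 6265; Path, Secure,
// expiry and public-suffix checks are deliberately left out.
function domainMatch(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Record one Set-Cookie header value received from `requestHost`.
  store(setCookie, requestHost) {
    const [pair, ...attrs] = setCookie.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1) return false;                        // no cookie name: ignore
    const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                     domain: requestHost.toLowerCase(), hostOnly: true };
    for (const attr of attrs) {
      const [k, v = ''] = attr.split('=');
      if (k.trim().toLowerCase() === 'domain' && v.trim()) {
        cookie.domain = v.trim().replace(/^\./, '').toLowerCase();
        cookie.hostOnly = false;                     // widened to subdomains
      }
    }
    // A server may only set cookies for its own host or a parent domain.
    if (!domainMatch(requestHost.toLowerCase(), cookie.domain)) return false;
    this.cookies = this.cookies.filter(
      c => !(c.name === cookie.name && c.domain === cookie.domain));
    this.cookies.push(cookie);
    return true;
  }

  // Build the Cookie header for a request to `host`, or null if none apply.
  headerFor(host) {
    host = host.toLowerCase();
    const hits = this.cookies.filter(c =>
      c.hostOnly ? host === c.domain : domainMatch(host, c.domain));
    return hits.length ? hits.map(c => `${c.name}=${c.value}`).join('; ') : null;
  }
}

// Constructed sample responses, not captured traffic.
const jar = new CookieJar();
jar.store('sid=abc123; Path=/; HttpOnly', 'www.yoursite.com');     // host-only
jar.store('prefs=dark; Domain=yoursite.com', 'www.yoursite.com');  // subdomains too
console.log(jar.headerFor('www.yoursite.com'));
console.log(jar.headerFor('cdn.yoursite.com'));
console.log(jar.headerFor('static-yoursite.example'));
```

Nothing is sent unless the caller copies the value returned by `headerFor` into the next request's `Cookie` header.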

Solution 2

You can use Fetch with the credentials option set to omit; see

https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API

Author by

Defesa Esquerdo

Updated on June 09, 2022

Comments

  • Defesa Esquerdo
    Defesa Esquerdo almost 2 years

    I recently found (here: Does every web request send the browser cookies?) that every HTTP request contains the cookies related to a domain every time a request is made to that same domain.

    Given this, what happens when the request is not sent through a browser but from Node.js, for example? Is it possible that no information is sent in the request? Is it also possible to prevent it from being sent in the browser requests?

    • Alex K.
      Alex K. over 7 years
      If you open a URL that runs something that needs cookies to work properly, you must send the appropriate cookies irrespective of what technology you're using.
    • Marc B
      Marc B over 7 years
      what do you mean, "not sent through a browser but from node"? node is doing some kind of internal request, masquerading as the remote user?
    • Defesa Esquerdo
      Defesa Esquerdo over 7 years
      For example, an XHR...
    • Liran Funaro
      Liran Funaro almost 7 years
      For future readers, there is an alternative to cookies which is not sent to the server: stackoverflow.com/a/44149972/2570677
  • Adrien
    Adrien over 7 years
    not sure why the down-vote, OP wasn't clear about where the browsers are. If you want to stop sending cookies on browsers under your control, or in a network under your control, then a proxy is a solution. If the clients are on the internet, and you are the server, then the clients would only send you cookies if you previously set them with a Set-Cookie header, which is therefore under your control.
  • Codebeat
    Codebeat over 5 years
    Explain it a little more: 1. Land on the www. subdomain, for example www.yoursite.com and NOT yoursite.com (the domain itself), and 2. serve the images and such from a subdomain such as cdn.yoursite.com. The cookies will be used only on www. and not on cdn. However, when the visitor lands on yoursite.com instead of www.yoursite.com, all cookies will be sent to all subdomains. So when the user lands on yoursite.com, you must redirect them to www.yoursite.com to keep cdn.yoursite.com (and other domains) cookie-free. ;-) It is possible to avoid cookies on such files.