setting up a cookie less sub domain

subdomain cdn cookieless cloudflare
14,943

Solution 1

Being cookie-less and served by CDN are unrelated properties of a domain.

To make some domain cookie-less for your site you simply should not set cookies visible on that domain and make sure any other third party code you use on your site does not do so.

It is generally inconvinient to avoid cookies from example.com to not not be visible on sub-domains (often sites are served from 2 locations www.example.com and example.com). If you are fine to having cookies on just example.com - make sure that all set-cookie headers specify exact domain ("example.com" not ".example.com") so cookies will not be visible on any subdomain. Another option is to move main site to subdomain and set cookies there (i.e. www.example.com), than again cookies will not "leak" to sibling sub-domains (i.e. "img.example.com")

It may be better idea to host static content on totally separate domain name - easier to controll cookies and potentially more posibilities for CDN (i.e. in some cases HTTPS traffic from CDN may require different actions for custom and CDN-provided domain).

Solution 2

The browser will look at example.com and www.example.com differently. If you set cookies on example.com then it will look for them on requests to www.example.com and cookie-free.example.com which I expect is why you're having trouble getting a cookie free subdomain (because the top level has cookies). Best practice is to use www.example.com as your site, and set cookies there, then if you use cookie-free.example.com (another subdomain, like www) it will not have the cookies which are looked for top down by browsers.

See http://developer.yahoo.com/performance/rules.html#cookie_free for more info.

Share:
14,943
Anik Chakraborty
Author by

Anik Chakraborty

Updated on June 04, 2022

Comments

  • Anik Chakraborty
    Anik Chakraborty almost 2 years

    previously I served images for my site (http://example.com) from these two folders : http://example.com/images and http://example.com/pics

    Now I have created a sub domain img.examole.com and moved those folders to http://img.example.com/pics and http://img.example.com/images locations. I have also blocked access to http://example.com/img folder by editing .htaccess file so that the sub-domain can not be accessed as a directory of main site. It only can be accessed as http://img.example.com

    How can I make this http://img.example.com subdomain a cookie less sub-domain? Or can I add this http://img.example.com sub-domain to cloudflare? I do not want to add the main domain http://example.com to cloud flare. When I am trying to add http://example.com to cloud flare from my CPanel it is showing :

    A type records cannot be directly routed though the CloudFlare network. Instead, click here and either switch the type of img.example.com. to CNAME

    I have changed the image location to http://img.example.com/pics in all my articles. How to fix this? plz help..

  • Anik Chakraborty
    Anik Chakraborty over 11 years
    hi, there is no 'COOKIE_DOMAIN' entry in my wp-config.php file
  • Alexei Levenkov
    Alexei Levenkov over 11 years
    @AnikChakraborty, I did not realized that you have some php specfic question... Unfortunately I have no idea how cookies are configured in php.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Cloudflare DNS: How to 301 Redirect all traffic from Sub Domain to Main Domain with URL path?
How does CloudFlare's Rocket Loader actually work (and how can a developer ensure compatibility)?
How can CloudFlare offer a free CDN with unlimited bandwidth?
Cloudflare is it safe?
Can I route only a subdomain through CloudFlare?
How does a CDN like CloudFlare work?
Does CloudFlare cache videos, and would this wildcard Page Rule work for that?
Can I use the same SSL certificate on the CDN and the origin
Cloudflare or Incapsula CDN without changing DNS
How to prevent exposing origin IP address on Cloudflare?