Creating cookieless application on development machine with asp.net

Question

I tried posting this on ServerFault with no luck so i am trying here.

I am thinking about setting up a new domain to host static content on my website and have it cookieless just like Stackoverflow with their static domain. So before going ahead and buying the domain and setting it up I wanted to test it on my developement machine first under localhost (I have to mention that i am planning on having IIS running on my new domain for the static files).

I therefore created a new application under IIS and disabled session state and forms authentication. When my main application needs resources like css, images and js , I use the path to the "static" application where they are hosted.

The problem is that when I look at the request and the response for the requested files, they still have the session_id cookie defined as well as the asp.net authentication cookie.

Is it at all possible to accomplish what i am trying to do on a development machine or do i have to just go ahead and purchase the new domain which hopefully with make things right? I tried to read about cookieless domain but can't figure out what i might be missing.

Update

My setup was as follows. I created two web applications. - One web application for the website - one web application for everything static (css, images, scripts...)

Both applications are added to IIS and none of them is a sub-application of the other. (They are both separate websites under IIS structure).

I have wondered if having both website under the same IP might have explained my results but when I deployed both sites, the issue disappeared.

Answer 1

Ensure you have the following web.config settings:

• <sessionState mode="Off" />
• <authentication mode="None" />

I think that is all, though I haven't tested it. To be safe, you could use the advice from Creating Static Content Website in IIS 7 which disables all modules and only re-enables them as necessary:

<system.webserver> 
    <modules>
        <clear />
        <add name="StaticFileModule" ... />
        ...
    </modules>
    ...
</system.webserver>

PS: See this answer for tips on setting cache values.

Answer 2

The basic idea:

1. Make a new website in IIS (map it to a subdomain or make it a totally seperate site. Sometimes suddomains aren't enough if users access your site from http://example.com instead of http://www.example.com since in the first case cookies will probably be sent to the new subdomain too).
2. DISABLE ASP.NET all together in IIS for your new site. If you are just serving static content then you don't need ASP.Net enabled
3. Load up your static content and link away

Reference:
- Stopping cookies being set from a domain (aka "cookieless domain") to increase site performance
- How to respect "Serve static content from a cookieless domain" page speed rule in IIS6?
- Avoiding cookies while requesting static content