Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I make my asp.net website "more cookie free"?

I ran my website through Yahoo's YSlow on my asp.net (vb) website that has 47 pages. There were a few problems, but one of them said I get a "Grade F on Use cookie-free domains".

Specifically, it says:

When the browser requests a static image and sends cookies with the request, the server ignores the cookies. These cookies are unnecessary network traffic. To workaround this problem, make sure that static components are requested with cookie-free requests by creating a subdomain and hosting them there.

I really don't know what they're trying to tell me. They say 43 components on my homepage aren't cookie-free, including: site.css, print.css, homeslider.js, and then 38 or 39 .jpg or .png images aren't cookie-free.

Does anybody know how I can improve this and improve my site's performance? Thank you for any suggestions you can offer!

like image 433
Jason Weber Avatar asked Nov 01 '12 00:11

Jason Weber


2 Answers

When a "static" file like an image or css is requested from your site, the browser sends cookies along with the request. These cookies are useless as the images/css don't change depending on the cookie contents.

To make your static content requests cookie free, serve them from a different domain. For example:

  • Main website: www.mysite.com;
  • Images, CSS, JS, etc.: www.mysitecontent.com

Alternatively, you could use subdomains eg static.mysite.com assuming you specifically tie cookies to the subdomain (eg set cookies for www.mysite.com not just mysite.com). If you're not sure, it's usually easier to use a different domain name

As an example, use firebug or a similar extension to look at this page. You'll note that "static" content comes from sstatic.com not stackoverflow.com

For large sites, it's not uncommon to use a CDN for your static files. For small sites, it's one webserver and multiple virtual hosts is the norm.

like image 56
Basic Avatar answered Oct 21 '22 01:10

Basic


Make sure your website is only loaded from www.domain.com and not domain.com.

Make sure all static images are loaded from static.domain.com.

Here is a blog post that explains more: http://www.ravelrumba.com/blog/static-cookieless-domain/

like image 32
Brandon Avatar answered Oct 21 '22 02:10

Brandon