Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to prevent cookies to be sent in every HTTP request?

I recently found (here: Does every web request send the browser cookies?) that every HTTP request contains the cookies related to a domain every time a request is made to that same domain.

Given this, what happens when the request is not sent through a browser but from Node.js, for example? Is it possible that no information is sent in the request? Is it also possible to prevent it to be sent in the browser requests?

like image 823
Defesa Esquerdo Avatar asked Aug 25 '16 15:08

Defesa Esquerdo


People also ask

Are cookies sent with every HTTP request?

Cookies are sent with every request, so they can worsen performance (especially for mobile data connections). Modern APIs for client storage are the Web Storage API ( localStorage and sessionStorage ) and IndexedDB.

How do I bypass cookies in GET request?

To send cookies to the server, you need to add the "Cookie: name=value" header to your request. To send multiple Cookies in one cookie header, you can separate them with semicolons. In this Send Cookies example, we are sending HTTP cookies to the ReqBin echo URL.

Why is cookie not sent with request?

If the server doesn't allow credentials being sent along, the browser will just not attach cookies and authorization headers. So this could be another reason why the cookies are missing in the POST cross-site request.

What are cookies in request?

The request cookie is what is send from the client to the server (thus what the browser provides). The response cookie are the cookies that you want to place in the browser. The next connection from the browser that accepted the cookie from the response object will provide the cookie in the request object.


2 Answers

Browsers

Is not possible to prevent browser to send cookies.

This is why is generally it is recommended (Yahoo developer Best practice, see section Use Cookie-free Domains for Components) to serve static content like css, images, from a different domain that is cookie free.

When the browser makes a request for a static image and sends cookies together with the request, the server doesn't have any use for those cookies. So they only create network traffic for no good reason. You should make sure static components are requested with cookie-free requests. Create a subdomain and host all your static components there.


Programmatically

From any programming language, instead, you can choose if you like to send cookies or not.

Cookie management is done by the programmer, because libraries are written to make single requests.

So if you make a first request that return cookies, you need to explicit read them, hold them locally somewhere, and eventually put them in a second request to the same server if you need.

So from NodeJS if you don't explicitly add cookies in your requests the http call doesn't hold them.

like image 111
Davide Lorenzo MARINO Avatar answered Oct 18 '22 22:10

Davide Lorenzo MARINO


You Can Use Fetch with the credentials option set to omit see

https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API

like image 22
MGal Avatar answered Oct 18 '22 22:10

MGal