Setting up a cookie-less domain for static assets

1
votes

I have a web app that makes use of a couple cookies that each have the domain property: ".vibecompass.com"

The cookies are shared across several sub-domains (de.vibe.... & es.vibe... etc.)

I'm loading all my static assets from this subdomain: "www.vibecompass.com" I do this essentially because I'm using cloudflare to auto-minify and gzip (plus act as a CDN) my js & css files. But of course, my session cookies are being sent with every request which is inefficient.

Will a cookie that has the following domain: ".vibecompass.com"

be sent by a browser for http requests to: "staticassets.www.vibecompass.com"

This would be a lot more convenient that using a different TLD in my situation.

1
httpcookiessubdomainassets

1 Answers

2
votes

As explained here, the domain attribute of a cookie applies to its subdomains as well, so '.vibecompass.com' will apply to "www.vibecompass.com" as well as "staticassets.www.vibecompass.com".

I know you said you don't have the option of a new top-level domain, but can you set up "static.vibecompass.com" for the static content? Then you can apply your cookies only to the "www.vibecompass.com" subdomain.

If that's not an option, you can try using the path field. You'll have to have all the dynamic content (webpages) in their own directory like "www.vibecompass.com/site/", then you can have your cookies apply to that directory only (domain: 'www.vibecompass.com', path: '/site').