Apache / PHP Disable Cookies for Subdomain ?

views:

3108

answers:

+1 Q:

Apache / PHP Disable Cookies for Subdomain ?

Hi There,

I am trying to follow these guidelines (http://developer.yahoo.com/performance/rules.html#cookie_free) to make my page load quicker, I have created a static subdomain to load static content from, however it is advising me to not have cookies sent on this subdomain, any ideas on how I might be able to do this in apache / php ? I've searched around and come up with nothing yet.

Many thanks,

Stu

+1 A:

If you never explicitly set a cookie, cookies won't be present on the server. So, if you are using the second domain simply as a repository for images or CSS files, most likely no cookies are ever set.

Updated from Comments.

If you see a 'Request' cookie header to a subdomain you don't want to have cookies, clear your cookies and see if the server ever sends a cookie header in the Response headers. If it does, it is possible you have session.auto_start enabled, or you have a script that sets cookies.

You can check the Request and Response Headers using something like Firebug with Google Page Speed.

Chacha102 2009-07-22 14:58:55

Thanks for your help, I think cookies are getting set as the google page speed firebug plugin is identifying css files, images etc. from the static subdomain as having cookies and using that tool I can actually see some data in the cookie field for the file. Is there a way I could check to see if cookies are explicitly set ? Also the data in the cookie looks like it contains data from the main www site, phpsession id's etc.

stukerr 2009-07-22 15:02:29

If you use the 'Net' feature of Firebug, and then manually browse to those pages, you will be able to see the Request/Response headers for those files, which you would be able to see if something sets a cookie.

Chacha102 2009-07-22 15:05:45

There appears to be cookie data under the request headers, nothing under the response header though, any ideas ?

stukerr 2009-07-22 15:25:00

If it is only under the request headers, clear your cookies, and then Google Page should no longer give that warning. Basically, you are trying to send cookies to the files, but they aren't trying to set anything. So clear the cookies and then check the response.

Chacha102 2009-07-22 15:48:46

Thanks for that, managed to work out it was actually google analytics, so I found out how to restrict that to a domain and it works now, I think this might lead to another question tho, which i'll repost as its in a slightly different area.

stukerr 2009-07-22 17:58:17

You can easily take care of this in PHP. When you set your cookie, the parameter that needs to be set is the domain parameter. Often, this is set to ".domain.com" to make it available on any subdomain. Instead, you might try setting it to "www.domain.com" to restrict it to that domain. Check out the PHP manual's setcookie() documentation.

Brad Gignac 2009-07-22 15:31:52

ansaurus

tags:

views:

answers:

Apache / PHP Disable Cookies for Subdomain ?

related questions