tags:

views:

216

answers:

2
Q: 

How to disable cookies in Amazon S3

Hi there!

I'm using Amazon S3 for my static files (pics, js and css). The S3 url is a subdomain of my main webapp (http://s.webapp.com)

Google's PageSpeed and Yahoo's YSlow warn to 'Use cookie-free domains' and 's.webapp.com' is one such domains using cookies but not really needing to.

How do I disable cookies in my Amazon S3 subdomain?

thanks, cheers

+3  A: 

By default cookies will be set for all hosts in a domain. If you are using cookies and you want to make sure they aren't sent for your "s." host, just make sure that when you set a cookie that you use "www.webapp.com" as the host rather than the default of ".webapp.com" (which would include all hosts).

Another alternative, especially if you have other hosts that will need to share cookies, is to just register another domain, say "webappstatic.com" and use that for your S3 content. I believe that is the solution that most big sites using S3 use.

Eric Petroelje  2009-12-09 16:30:58
You're right about the subdomains. But my web-app doesn't use the www. subdomain: it always defaults to the webapp.com. So, really can't set cookies to only the www. subdomain. I tought that 'not allowing cookies' was a server/domain configuration.
sopppas  2009-12-09 17:25:22
@sopppas - nope, it's not a server or domain configuration issue. It's simply a matter of just not sending any cookies.
Eric Petroelje  2009-12-09 18:33:05
+2  A: 

As your S3 subdomain is a subdomain of you webapp domain you won't be able to stop cookies being sent. They're always sent to subdomains of the domian that sets them.

Stack Overflow had the same problem, which is why static resources are served from sstatic.net and not static.stackoverflow.com.

Dave Webb  2009-12-09 16:33:13

related questions

Storing xml data in a cookie
Best way to secure an AJAX app
Is it possible to delete subdomain cookies?
What are the possible causes of a CGI::Session::CookieStore::TamperedWithCookie exception in rails
How do I access cookies within Flash?
Cookies and subdomains
Accessing Domain Cookies within an iFrame on Internet Explorer
Web Dev - Where to store state of a shopping-cart-like object?
Can JQuery read/write cookies to a browser?
Can you reliably set or delete a cookie during the server side processing of an Ajax (XHR) call?
How can I add cookies to Seaside responses without redirecting?
passing or reading .net cookie in php page
Best way for allowing subdomain session cookies using Tomcat
Why can't I delete this cookie?!
Apache Download: Make sure that page was viewed before download
Secure session cookies in ASP.NET over HTTPS
Always including the user in the django template context
How do you set up use HttpOnly cookies in PHP
How exactly do you configure httpOnlyCookies in ASP.NET?
How do you configure HttpOnly cookies in tomcat / java webapps?
How do HttpOnly cookies work with AJAX requests?
What is the best way to prevent session hijacking?
Associating source and search keywords with account creation
How would you implement FORM based authentication without a backing database?
How do I stop IIS7 dropping my cookies?