in a website where cookies are used for top-level pages (such as example.com/test.php, example.com/whatever.php), is it possible to ban cookies from certain directories such as "/images/", or am I just going to have to use a second domain (static.example.com/images/photo.jpg) ?
does anyone know of a workaround? it's for a CMS where I may not always be able to create a second domain.
Change your top-level pages to be one level down: example.com/test.php -> example.com/app/test.php
You can then set your cookies on example.com/app and they will not be sent to example.com/images
(Also your workaround won't quite work either, as static.example.com/images/photo.jpg will still get cookies set for example.com. It needs to be a different parent, e.g. example2.com/images).