I was looking at the post here which says

> When the browser makes a request for a static image and sends cookies together with the request, the server doesn't have any use for those cookies. So they only create network traffic for no good reason.

Although I tend not to use cookies at all, my doubt is I used to think that the server creates the cookies to store the session variables etc. and sends them to the client. But this statement says the reverse of that. I don't quite understand what the need is for the browser to create and send cookies with the request; to me it doesn't make any sense.

Can anyone please correct me?

Thanks.

A: 

The server creates the cookies, yes, but the browser has to send existing cookies back to the server on every request - that is the only way the web server can identify the user (since HTTP is stateless). Without cookies, a browser is potentially a completely different person than the last request.

Typically a cookie is just a session ID which is mapped to a database entry with all of the session data.

The idea of cookieless domains is to have static resources (that is, files that rarely/never change, regardless of session state, etc.) served without the browser having to send cookie data (which is useless to static content anyway).

Matt
But that's what we use sessions in web apps for, right? To identify the user on subsequent requests?
JPro
Sessions are generally supported by cookies. The only other way you could persist the session across requests is if you appended the session ID to each link, or something similar. In either strategy, the browser has to send that session ID back to the server on each request, otherwise the session cannot exist.
Matt
Exactly, the browser has to send the session ID to the server. But what I am trying to say is, it in fact doesn't send the cookie itself?
JPro
@JPro - the server *creates* the cookie in the first place (using the `Set-Cookie:` header). After that happens, that browser has to send the cookie *back* to the server (using the `Cookie:` header) on each request. In this example, the cookie is holding the session ID. So the cookie is the method of transport to get the session ID back to the server.
Matt
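The round trip described in the answer and comments, as an added example that is not part of the original thread: the server issues a session ID via `Set-Cookie`, a simplified browser store returns it in `Cookie` to every host that domain-matches, and a separate static domain receives nothing. The host names, the `sid` cookie name and the `Browser` class are assumptions made for illustration, and Path, Secure and expiry handling are left out.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server side: session ID -> session data

def server_login(user):
    """Server creates the session; returns a Set-Cookie header value."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user}
    return f"sid={sid}; Domain=example.com; Path=/; Secure; HttpOnly"

def server_whoami(cookie_header):
    """Server maps the request's Cookie header back to a session."""
    jar = SimpleCookie(cookie_header or "")
    sid = jar["sid"].value if "sid" in jar else None
    return SESSIONS.get(sid, {}).get("user")

class Browser:
    """Minimal cookie store: name -> (value, domain, host_only)."""
    def __init__(self):
        self.store = {}

    def receive(self, set_cookie, request_host):
        for name, m in SimpleCookie(set_cookie).items():
            domain = m["domain"].lstrip(".").lower()
            # No Domain attribute means the cookie is host-only.
            self.store[name] = (m.value, domain or request_host.lower(), not domain)

    def cookie_header(self, host):
        """Cookie header the browser attaches to a request for `host`."""
        host = host.lower()
        return "; ".join(
            f"{n}={v}" for n, (v, d, host_only) in self.store.items()
            if host == d or (not host_only and host.endswith("." + d)))

def demo():
    # Constructed hosts: the app, a static subdomain, a separate static domain.
    browser = Browser()
    browser.receive(server_login("alice"), "www.example.com")
    hosts = ["www.example.com", "static.example.com", "static.example-cdn.test"]
    return {h: browser.cookie_header(h) for h in hosts}

if __name__ == "__main__":
    for host, header in demo().items():
        print(f"{host:26} Cookie: {header or '(none)'}")
```

A cookie set with `Domain=example.com` is also sent to `static.example.com`, which is why a cookieless static host has to sit outside the cookie's domain scope (or the cookie has to be host-only).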