Prevent Cookies From Being Sent on AJAX Request

tags:

jquery-ajax

views:

187

answers:

+4 Q:

Prevent Cookies From Being Sent on AJAX Request

Hello everyone,

I have a web service that I invoke from script but that does not need any information stored in cookies. Anytime I make a request to the service, the cookie is sent along with it. I understand that by default cookies are sent with HTTP request, but is there any way at all to overwrite that behavior and not send the cookie?

In a nutshell, I am issuing my request like this:

$.ajax({ type: "POST", cache: false, url: url, data: data, contentType: "application/json; charset=utf-8", dataType: "json", success: function(response) { successFunc(response); }, error: function(xhr) { errorFunc(xhr); } });

+1 A:

You are correct in saying that browsers send matching (path + domain + session) cookies along with the HTTP request. This is critical for the cookie mechanism to work.

Couldn't you simply, not read the cookies?

Additionally, when the cookie is originally set, you can set what directory (and its subdirectories) can access the cookie.

For example, if you set a cookie to be read in /foo/bar/ only, a file located in /whatever/ajaxHandler.php cannot see those those cookies.

Check this out: http://us.php.net/setcookie

While I'm not sure if you're using PHP, it could be a good starting point for you.

Foxtrot 2010-05-13 18:21:14

Ignoring the cookie doesn't solve the problem of it consuming bandwidth

Osseta 2010-05-14 04:09:55

Foxtrot, I am curious what you mean by "simply not read the cookie". Also, to touch on your angle with setting them for specific directories, is is possible to set a cookie for the entire scope BUT a certain directory? If so, that would give me something to work with, I believe. Bear in mind this is all happening in the same domain and would need to be distinguished by a path in that domain. I don't know that cookies can handle that.Is anyone aware whether jQuery itself allows for not sending cookie with an AJAX request? That would be the ultimate solution for me. =]

BMD86 2010-05-15 17:01:10

+2 A:

Send AJAX requests to cookie-less subdomain on your server. So you app is www.mydomain.com and ajax requests are served from api.mydomain.com which you never set a cookie on. Also a great idea to do this with static files like images etc...

see the "Use Cookie-free Domains for Components" section of http://developer.yahoo.com/performance/rules.html

Osseta 2010-05-14 04:08:39

Osseta, very good call on cookieless domains. We do this currently for other resources such as almost all of our static files. I need to elaborate a bit more on this web service. It is not stand-alone and contained in a subdirectory, so for the sake of this discussion say I am invoking methods in the same domain my web app is under but in sub-path "/publicservices/service.asmx."

BMD86 2010-05-15 17:07:24

I'm not certain, but I'm under the impression that cookie are a global config per (sub)domain. So they are either on or off and not configurable on a per request basis.

Osseta 2010-05-18 06:40:32

Unfortunately, I do believe you are right. Thank you very much for your insight!

BMD86 2010-05-18 15:51:03

ansaurus

tags:

views:

answers:

Prevent Cookies From Being Sent on AJAX Request

related questions