tags:

views:

961

answers:

3
+5  Q: 

Stopping cookies being set from a domain (aka "cookieless domain") to increase site performance

I was reading in Google's documentation about improving site speed. One of their recommendations is serving static content (images, css, js, etc.) from a "cookieless domain":

Static content, such as images, JS and CSS files, don't need to be accompanied by cookies, as there is no user interaction with these resources. You can decrease request latency by serving static resources from a domain that doesn't serve cookies.

Google then says that the best way to do this is to buy a new domain and set it to point to your current one:

To reserve a cookieless domain for serving static content, register a new domain name and configure your DNS database with a CNAME record that points the new domain to your existing domain A record. Configure your web server to serve static resources from the new domain, and do not allow any cookies to be set anywhere on this domain. In your web pages, reference the domain name in the URLs for the static resources.

This is pretty straight forward stuff, except for the bit where it says to "configure your web server to serve static resources from the new domain, and do not allow any cookies to be set anywhere on this domain". From what I've read, there's no setting in IIS that allows you to say "serve static resources", so how do I prevent ASP.NET from setting cookies on this new domain?

At present, even if I'm just requesting a .jpg from the new domain, it sets a cookie on my browser, even though our application's cookies are set to our old domain. For example, ASP.NET sets an ".ASPXANONYMOUS" cookie that (as far as I'm aware) we're not telling it to do.

Apologies if this is a real newb question, I'm new at this!

Thanks.

+5  A: 

If you don't write cookies from domain, the domain will be cookie-less.

When the domain is set to host only resource content like scripts, images, etc., they are requested by plain HTTP-GET requests from browsers. These contents should be served as-is. This will make your domain cookieless. This cannot be done by web-server configuration. Http is completely state-less and web-servers have no idea about the cookies at all. Cookies are written or sent to clients via server-side scripts. The best you can do is disable asp.net, classic-asp or php script capabilities on the IIS application.

The way we do it is.

We have a sub-domain setup to serve cookie-less resources. So we host all our images and scripts on the sub-domain. and from the primary application we just point the resource by it's url. We make sure sub-domain remains cookie-free by not serving any dynamic script on that domain or by creating any asp.net or php sessions.

http://cf.mydomain.com/resources/images/*.images
http://cf.mydomain.com/resources/scripts/*.scripts
http://cf.mydomain.com/resources/styles/*.styles

from primary domain we just refer a resource as following.

<img src="http://cf.mydomain.com/resources/images/logo.png" />
this. __curious_geek  2010-06-17 10:39:47
Thanks for your answer, but as previously stated, we've done exactly the same as you and we're getting cookies set by ASP.NET, not our application. For example, "ASPXANONYMOUS".
Django Reinhardt  2010-06-17 10:56:44
Are you serving your resources from any HttpHandler or do you have global.asax file in your cookie-less domain ?
this. __curious_geek  2010-06-17 11:01:05
I'd suggest to clear all cookies from the browser. put only few image resources on the domain and try calling it from an html page. I'm sure it will be cookie-free.
this. __curious_geek  2010-06-17 11:05:01
I've cleared all my cookies (from both domains), and requested nothing but a single .jpg from the "static" domain. I still get the ASPXANONYMOUS cookie set in my browser.
Django Reinhardt  2010-06-17 11:09:40
I can't help but feel I'm doing something very obviously wrong :-/
Django Reinhardt  2010-06-17 11:10:39
Also make sure, you have create a separate domain altogether and not have a virtual-directory application under primary domain.
this. __curious_geek  2010-06-17 11:14:20
When you say "domain", do you mean "site"? Should I create a new site in IIS and have it pointing to the same directory as our normal site? At present I have the alternative "static" domain binded in IIS to the existing site.
Django Reinhardt  2010-06-17 11:18:49
Ok, I did what I suggested (what I thought you were suggesting) and it worked! Still got some weird bugs to iron out, I think, but definitely getting there.
Django Reinhardt  2010-06-17 11:39:10
I think the trick (in our case) was to make sure that it was set up as a new site in IIS, and not just "binded" to an existed one.
Django Reinhardt  2010-06-17 11:50:54
Exactly, it has to be a seperate domain that a browser can differentiate. The browser does not know about IIS sites and v.dirs.
this. __curious_geek  2010-06-17 14:10:39
The other important thing is to make sure that your App Pool for your Static domain is set to "No managed code". Otherwise you'll be served with the annoying ASPXANONYMOUS cookie.
Django Reinhardt  2010-06-17 14:12:43
I don't think so. We didn't do anything such. AppPool is a concept on server-side and Http or browsers don't have anything to do with this. How do you have cookie-less domains on non-IIS web-servers ? The only way cookie-less domains are achieved is by making sure no single cookie ever is written from the domain and that is why you keep a seperate domain that acts cookie-less because your primary domain would always have to deal with cookies in some ways.
this. __curious_geek  2010-06-17 14:16:49
A: 

If you aren't using that cookie, in any way, you could just disable session state in IIS 6: http://support.microsoft.com/kb/244465

In IIS, go to the Home Directory tab, then click the "Configuration" button.

Next go to the Options tab and un-check "Enable session state". The cookie will go away, and you can leave your files where they are with no need for an extra domain or sub-doamin.

Plus, by using additional domains, you increase dns lookups, which partially defeats the intent of the overall optimization.

LonnieBest  2010-08-31 08:27:21
+1  A: 

I think you might find this article interesting, it shows you how to create a static content website that gets 100/100 on the Google Page Speed test:

Creating Static Content Website in IIS 7

Lucifer  2010-10-30 15:13:55

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps