It's possible to share a cookie between 'some' subdomains? - http

I've been reading some posts about web performance, one of the points is to
serve static content from a cookie-free domain, my question is:
Can I share cookies between, let's say example.com and www.example.com, while excluding static1.example.com, static2.example.com, etc?
Or do I need to set a different top level domain?
I know (or I think) that I could set the domain of the cookie to '.example.com', but, correct me if I'm wrong, this shares the cookies across all sub-domains.

If you need to share cookies across subdomains you need to scope the cookie at the domain level (e.g. .example.com). When you do that the cookie is available to all the subdomains of .example.com.
For a cookie free static content domain, it is usually a separate domain (e.g. example_staticstuff.com). There is a default two connection limit per domain in HTTP 1.1, so having separate domains often helps speed up simultaneous downloads.

Your assumptions are correct :-)

You would have to set a cookie for each sub-domain you want to authorize with the full host-name. This creates additional HTTP header overhead and would be a maintenance nightmare :[

Related

Share cookie between domains

I have a cookie generated on a domain www.foo.bar that I need to share with another website located on www.something.com.bar.
Both sites are hosted on the same server.
Can I do that, and if yes, how?
Thanks.
No, you cannot share cookies across domains. The browser will only send a cookie to the domain (or sub-domains thereof) that initially set it.
Read up on the Same origin policy / Cookie policy

How to apply Domain Shared session

I have one application that can be accessed from 2 different domains. The application shows data depending on the domain used.
I need the client who logged in on domain1 to also be logged in when accessing domain2.
It's not as easy as it sounds, because a cookie is used for the validation and the cookie cannot be set from different domains.
Read this post on meta on how Stack Overflow makes it work: https://meta.stackexchange.com/questions/64260/how-does-sos-new-auto-login-feature-work
Also you can read the Global Network auto-login article.

Authentication cookie with subdomains

I have an ASP.NET website http://www.site.com. This web app is also running on http://subdomain1.site.com and http://subdomain2.site.com. Now I want to set the authentication cookie in such a way that http://site.com and http://www.site.com share the authentication cookie, but it should not be shared by http://subdomain1.site.com. Similarly, http://www.domain1.site.com and http://domain1.site.com should share a cookie, but it should not be shared by http://domain2.site.com or http://www.domain2.site.com. How can I handle this with ASP.NET?
By default, cookies are associated with a specific domain. For example, if your site is www.contoso.com, the cookies you write are sent to the server when users request any page from that site. (This might not include cookies with a specific path value.) If your site has subdomains—for example, contoso.com, sales.contoso.com, and support.contoso.com—then you can associate cookies with a specific subdomain.
Response.Cookies["domain"].Domain = "support.contoso.com";
Normally a cookie set on contoso.com will be accessed by all subdomains, but if you want to limit the subdomains for the cookie, you should manually set the Domain property for each domain you want to have access.
Regards.
I ended up using different cookie names on different domains as described in this article

setting cookie with domain

This is pretty much a basic question, since I got a bit confused.
When we set a cookie with domain .mydomain.com, it means the same cookie is used across subdomains. What if I use .test.mydomain.com: does it mean URLs like helloworld.test.mydomain.com will be able to re-use the cookie?
Yes, that's how it works. There's no special detection of what level the 'subdomains' are, everything is really a subdomain to the TLD at the least. What if you had a .co.uk address?
Here is an interesting article about sharing cookies across subdomains
15Seconds

Cookieless sub domain

I have one domain name, www.abc.com,
and I want to speed up all images and static content from a cookieless domain.
What do I need to do for that?
I want to create a new subdomain named static.abc.com, but then the cookie still comes with both domains.
I am using dotnet panel for hosting.
The technology is .NET.
There are two ways to accomplish this. You could set the cookie for the FQDN (fully-qualified domain name) of www.abc.com, but this would restrict the cookies to just www.abc.com. This may be stricter than you want.
The more common solution is to register a completely separate domain for cookieless hosting. This is used by many websites already.
Google uses gstatic.com
Facebook uses twimg.com (I think)
Yahoo uses yimg.com (I think)
EBay uses ebaystatic.com
etc.
When you create a cookie, set its Domain property to ".abc.com"; that way the cookie will be shared by both the www.abc.com and static.abc.com subdomains.
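
Added example, not part of any of the posts above: a small JavaScript model of the RFC 6265 cookie domain rules that the threads on this page discuss, showing which hosts receive a cookie set with and without a Domain attribute. The host names and the cookie name are constructed for illustration; public-suffix checks, Path, Secure and SameSite are not modelled.

```javascript
// Cookie domain scoping per RFC 6265 (sections 5.1.3, 5.3, 5.4), simplified.
// Assumptions: no public-suffix rejection (e.g. Domain=co.uk), no Path/Secure/SameSite.

// 5.1.3: a host matches if it equals the domain, or ends with "." + domain and is not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Store a cookie the way a browser does when `setterHost` sends Set-Cookie.
// domainAttr is the Domain attribute value, or null when the attribute is absent.
function storeCookie(setterHost, name, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned to the exact setting host only.
    return { name, domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  if (!domainMatch(setterHost, domain)) return null; // a host cannot scope outside itself
  return { name, domain, hostOnly: false };
}

// 5.4: decide whether the stored cookie is attached to a request for requestHost.
function isSentTo(cookie, requestHost) {
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

function recipients(cookie, hosts) {
  return hosts.filter((h) => isSentTo(cookie, h));
}

// Constructed host list: the apex, www, two static subdomains, a separate static domain.
const HOSTS = ["example.com", "www.example.com", "static1.example.com",
               "static2.example.com", "example-static.com"];

const wide = storeCookie("www.example.com", "sid", ".example.com");
const hostOnly = storeCookie("www.example.com", "sid", null);
const foreign = storeCookie("www.example.com", "sid", "example-static.com");

console.log("Domain=.example.com       ->", recipients(wide, HOSTS));
console.log("no Domain attribute       ->", recipients(hostOnly, HOSTS));
console.log("Domain=example-static.com ->", foreign); // rejected at set time
```

A session cookie scoped with Domain reaches every subdomain, including static hosts, while the separately registered domain never receives it.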
