WebPagetest Forums
cookies domains over more than 1 protocol - Printable Version

+- WebPagetest Forums (https://www.webpagetest.org/forums)
+-- Forum: Web Performance (/forumdisplay.php?fid=3)
+--- Forum: Optimization Discussions (/forumdisplay.php?fid=5)
+--- Thread: cookies domains over more than 1 protocol (/showthread.php?tid=13035)



cookies domains over more than 1 protocol - trx - 06-14-2014 05:53 AM

Hello Community,
How does one simply implement a cookie-less domain solution when using more than 1 protocol (http/https)?

For example:

cookie-less domain used: http://www.abc.com
http URL: http://www.xyz.com
https URL: https://www.xyz.com

In the HTTP state, the cookie-less domain will not prompt any mix content messages but it will most likely will prompt when in an HTTPS state (i.e. IE browsers).

Any thoughts?

Thanks.

TRX


RE: cookies domains over more than 1 protocol - andydavies - 06-16-2014 04:35 AM

1. Make sure the cookieless domain can support both HTTP and HTTPS

2. Reference the resources on it using a schemaless URL e.g. //www.abc.com i.e. URLs that don't start with http: or https:


RE: cookies domains over more than 1 protocol - trx - 06-16-2014 04:40 PM

I like #2. I've never tried it before. I'll give it a try and let you know how it goes. Thanks!


RE: cookies domains over more than 1 protocol - pmeenan - 06-17-2014 05:06 AM

Only thing to watch out for with schema-less urls is CSS files and older versions of IE (doesn't break anything so probably worth ignoring at this point). Paul Irish has a good post on it here: http://www.paulirish.com/2010/the-protocol-relative-url/


RE: cookies domains over more than 1 protocol - andydavies - 06-17-2014 06:56 AM

I think Steve or Stoan have a post about one of the older IEs (7/8?) making duplicated requests with schemaless URLs but I couldn't find when I went looking


RE: cookies domains over more than 1 protocol - pmeenan - 06-17-2014 07:00 AM

Yeah, that would be the IE issue I mentioned ;-) It only impacts CSS resources that are imported or linked AFAIK and it just downloads twice but doesn't actually break the page - which seems like a fair thing to ignore for versions of IE that are very risky for users to be using at this point anyway.