MyBB Internal: One or more warnings occured. Please contact your administrator for assistance.
Cookie Scoping
Current time: 07-05-2020, 10:21 AM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Cookie Scoping
07-13-2010, 07:53 PM (This post was last modified: 07-13-2010 08:39 PM by calumfodder.)
Post: #1
Cookie Scoping
Best practice is to serve static content without cookies attached.

To achieve this people generally split static content out to a cookie free domain.

Is there a way to serve both dynamic (with cookies) and static content (without cookies) from the same domain? ie. is it possible to scope cookies by resource as well as by domain/sub-domain?
Answering my own question (maybe I should have seached a little longer), it would seem that provision for this already exists by setting the 'path' attribute on the cookie.

Setting the path attribute to a subset of the urls being served by a domain allows for the tightening of the scope of a cookie.
So we can split the site like so:
my.example.com/dynamic
my.example.com/static
Then limit the cookie to a domain of my.example.com and a path of /dynamic

This should mean that browsers will not supply a cookie when requesting resources from my.example.com/static

Are there any pitfalls (eg. lack of browser support) to using the path attribute on a cookie?
Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
Cookie Scoping - calumfodder - 07-13-2010 07:53 PM
RE: Cookie Scoping - pmeenan - 07-13-2010, 09:01 PM
RE: Cookie Scoping - calumfodder - 07-13-2010, 10:43 PM
RE: Cookie Scoping - green-watch.org - 07-13-2010, 09:51 PM
RE: Cookie Scoping - pmeenan - 07-13-2010, 10:38 PM
RE: Cookie Scoping - green-watch.org - 07-14-2010, 02:22 AM
RE: Cookie Scoping - pmeenan - 07-14-2010, 03:23 AM

Forum Jump:


User(s) browsing this thread: 1 Guest(s)