CODEWITHSUNDEEP
phpbrowserrequestcookies
Nazariy
Nazariy

Reputation: 6088

How to tell browser do not send COOKIE for certain folders, files or request?

I'm running PHP5 and Apache with mod_rewrite enabled.

As we know on every page load browser sends cookie data to requested files. This data could be useful for PHP files, however for images or css files it has no value and simply make communication between browser and server slower.

Is there any ways to tell browser or server to stop doing so for certain file types or directories?

Upvotes: 1

Views: 2337

Answers (2)

user240438
user240438

Reputation:

I looked up the cookie specification.

When it sends a request to an origin server, the user agent includes a Cookie request header if it has stored cookies that are applicable to the request.

The only conditions that it describes are domain, path, port, and security (https). If you can't restructure your application to avoid this, you're going to get the extraneous cookies, and there's probably nothing you can do about it (short of replacing all the browsers on the Internet, or just not sending cookies to begin with). I'd consider putting a redirect at / to point it to a subdirectory, but that's probably just as much overhead as you're hoping to save, and has semantic implications.

Have you benchmarked it? How big a deal is it exactly? How big of cookies are you sending? Are there other optimizations you could be doing to improve your user experience instead?

Cookie syntax, for reference:

   set-cookie      =       "Set-Cookie2:" cookies
   cookies         =       1#cookie
   cookie          =       NAME "=" VALUE *(";" set-cookie-av)
   NAME            =       attr
   VALUE           =       value
   set-cookie-av   =       "Comment" "=" value
                   |       "CommentURL" "=" <"> http_URL <">
                   |       "Discard"
                   |       "Domain" "=" value
                   |       "Max-Age" "=" value
                   |       "Path" "=" value
                   |       "Port" [ "=" <"> portlist <"> ]
                   |       "Secure"
                   |       "Version" "=" 1*DIGIT
   portlist        =       1#portnum
   portnum         =       1*DIGIT

Upvotes: 1

dmazzoni
dmazzoni

Reputation: 13236

Two ways:

  1. Restrict the path of the cookie to only the part of your site containing php scripts that need the cookies, or
  2. Serve images and css from a different domain, where the cookies won't get sent.

Upvotes: 6

Related Questions