How to unset a cookie using .htaccess

Question

I'm using Apache; I put the following code in .htaccess to unset the Cookie header but it doesn't work:

<FilesMatch "\.(js|css|jpg|png|jpeg|gif|xml|json|txt|pdf|mov|avi|otf|woff|ico|swf)$">
    RequestHeader unset Cookie
    Header unset Cookie
    Header unset Set-Cookie
</FilesMatch>

What is your solution?

Answer 1

1 - Create a subdomain, such as static.yourwebsite.com, which is where you will deliver all your static files from

2 - Point your new subdomain to the /wp-content directory of your WordPress installation. For cPanel users, you will need to update the document root field from public_html/static to public_html/wp-content like the screenshot below.

3 - Edit your wp-config.php file to reflect the following

define("WP_CONTENT_URL", "http://static.yourwebsite.com");
define("COOKIE_DOMAIN", "www.yourwebsite.com");

4 - Run the following command in your SQL database, this will ensure all post URLs are directed to the new subdomain:

UPDATE wp_posts SET post_content = REPLACE(post_content,'www.yourwebsite.com/wp-content/','static.yourwebsite.com/')

Answer 2

Preventing the server from issuing a Set-Cookie response header for specific file types won't stop other file types setting a cookie for the domain. So the browser will still send the cookie and the benefits are lost.

Telling the server to remove a Cookie request header before passing it on to the next layer of request processing won't stop the browser from sending it in the first place. So the benefits are lost.

The article you reference in a comment says to serve your static files from a different domain.

Do that. Never write code that sets a cookie for that domain. That's all you need to do.