How to respect "Serve static content from a cookieless domain" page speed rule in IIS6?
How to respect "Serve static content from a cookieless domain" page speed rule in IIS6?
To create a cookieless site (or subdomain, which is a very common best-practice) in IIS6/IIS7/IIS7.5 is simple : you need to tell the website that you are not to use cookies :) Which means in IIS terms, not to use a session.
This can be achieved in IIS6/IIS7 via two ways.
- Modifying the Web.config file (my personal recommendation)
- Using the IIS Manager GUI to find the setting and changing it.
IMPORTANT
Before you do any testing, you must must must clear all cookies (or all cookies for the domain u are testing) otherwise, they will get passed along even if u have done all the steps.
1. Via Config File
You need to define the session state to off.
<system.web>
<sessionState cookieName="What_ever" mode="Off" />
</system.web>
NOTE: Please note that the attribute cookieless (true|false) does NOT mean 'send cookies/do not sent cookies). That's for using sessions with/without cookies ... and passes some cookie guid into the url instead (if set to true).
2. Via Gui
Hope this Helps (i assume u know how to test that no cookies are working/not working...)
Thank you a lot I will create a new web application in order to that that. –
Hakluyt
both answers are valid but you I guess you invest more than Sam152 It's why I valid your answer. Thanks you All –
Hakluyt
This does not sound right. Setting sessionState mode to off does not turn of cookies. You can still set cookies with that setting on your web pages. We have been doing this in production for quite a while. –
Bimetallic
Off == Not Enabled. To -really- test this setting, make sure u connect to the website via Incognito/Private browsing, so no cookies are sent across on the FIRST request. –
Tortious
@Tortious You've blanked out the site name in most of the images but not the Title on the right pane. Granted this was posted 3+ years ago, but thought you might like to know. –
Maid
Ta - fixed. Can u remove your comment now, so not to hint at SO history changes... –
Tortious
What this means is that your content needs to come from a domain that has no cookies attached to it. StackOverflow.com is an example of a site that does this. You will notice that all SO's static content comes from a domain called sstatic.net.
http://sstatic.net/stackoverflow/all.css
http://sstatic.net/js/master.js
This is so that the client and the server don't have to waste resources on actually parsing and handling cookie data. The good news is, you can use a sub-domain, assuming that you set your cookie path correctly.
Yahoo Best Practices for Speeding Up Your Web Site
Use Cookie-free Domains for Components
When the browser makes a request for a static image and sends cookies together with the request, the server doesn't have any use for those cookies. So they only create network traffic for no good reason. You should make sure static components are requested with cookie-free requests. Create a subdomain and host all your static components there. If your domain is www.example.org, you can host your static components on static.example.org. However, if you've already set cookies on the top-level domain example.org as opposed to www.example.org, then all the requests to static.example.org will include those cookies. In this case, you can buy a whole new domain, host your static components there, and keep this domain cookie-free. Yahoo! uses yimg.com, YouTube uses ytimg.com, Amazon uses images-amazon.com and so on.
Another benefit of hosting static components on a cookie-free domain is that some proxies might refuse to cache the components that are requested with cookies. On a related note, if you wonder if you should use example.org or www.example.org for your home page, consider the cookie impact. Omitting www leaves you no choice but to write cookies to *.example.org, so for performance reasons it's best to use the www subdomain and write the cookies to that subdomain.
Cookies might be required by your web application, if they are, disabling them is not a good idea, is they aren't no cookies will be set anyway and this step wont apply to you. –
Strapping
@Christophe Debove - I've added a new answer to help you through the steps to making a cooklieless site in IIS. –
Tortious
@Christophe, You do not need to set anything to be
cookie less, browser does this thing itself, when you are making request to any component which is located on some other domain, browser does not send any cookie with the request for some security reasons. and thus your requests become cookie less. –
Ectype yeap of course thank you, it was implicit and not explicit it was why I was I little bit confused –
Hakluyt
@Zain Shaikh : can u please elaborate on your comment? Because I don't understand what you mean, and based upon my answer, it disagrees with your comment. My answer is targeting server configurations. Are you referring to client side configurations (which does agree with your comments -> no browser settings are required BUT you can tweak your browsers to never accept cookies). The question is targeting server configurations, though. –
Tortious
ok so I was I little bit confused with the process of cookie, I understood if the domain is different so the cookies are not send, like I said un my comment at the top of the page both of question are valid and it's why I vote up for both but I wich the configuration for IIS too. Even if I know in my case it's not necesary. Thanks you –
Hakluyt
create subdomain ( for example static.example.com ) and store all static content(images, css, js) here
© 2022 - 2024 — McMap. All rights reserved.