www vs no-www and cookies
One of Yahoo's performance rules says: Use cookie-free domains for static components. This is good because the server has no use for cookie information when serving a JPEG or another static component, so all this cookie information creates network traffic for no reason.
One of the implications of following the rule is related to the whole www vs no-www question. Basically, you should always use www if you're planning to use any other sub-domains and you want them cookie-free. This is because you have no way to set a cookie only to the top-level domain. So, for example, you cannot write a cookie only to phpied.com. If you load a component from img.phpied.com, the cookie from phpied.com will be sent again. In Firefox this doesn't seem to be the case, but in IE it is.
Here are two test scripts that demonstrate the behavior:
Load both of these pages and then reload them to see what cookies are sent. They both try to set cookies in all possible ways:
- omitting the domain name
- .domain.com
- domain.com
- www.domain.com
Here's the source code of the files:
nowww.php [test]
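```php
<?php
// Requested as phpied.com (no www): try every way of scoping a cookie.
setcookie('no0', 'no www, no domain');
setcookie('no1', 'no www, .phpied.com', 0, '/', '.phpied.com');
setcookie('no2', 'no www, phpied.com', 0, '/', 'phpied.com');
setcookie('no3', 'no www, www.phpied.com', 0, '/', 'www.phpied.com');
echo '<pre>';
print_r($_COOKIE); // cookies the browser sent with this request
```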
yeswww.php [test]
```php
<?php
// Requested as www.phpied.com: the same four scoping attempts.
setcookie('yes0', 'yes www, no domain');
setcookie('yes1', 'yes www, .phpied.com', 0, '/', '.phpied.com');
setcookie('yes2', 'yes www, phpied.com', 0, '/', 'phpied.com');
setcookie('yes3', 'yes www, www.phpied.com', 0, '/', 'www.phpied.com');
echo '<pre>';
print_r($_COOKIE); // cookies the browser sent with this request
```
Loading the two pages twice shows how in IE, no0, no1, and no2 are all visible when using www as well as when not using it. In Firefox it's almost the same, only that no0 is not visible when using www.
As a take-home:
- use www
- write cookies to the appropriate domain level (e.g. don't write to *.domain.com)
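
The scoping rules behind these results, as an added example that is not part of the original post: a simplified JavaScript model of RFC 6265 domain matching that replays the setcookie() calls from both scripts. The function names and the `legacyIE` switch are assumptions of this sketch; the switch models the IE behaviour observed above, and path, expiry and public-suffix handling are left out.

```javascript
// Added example: simplified model of RFC 6265 cookie scoping, not a browser's code.

// RFC 6265 section 5.1.3: host matches domain if equal or a dot-separated suffix.
function domainMatch(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Store a cookie set by a response from requestHost; returns false if rejected.
// legacyIE (assumption) models the behaviour the post saw in IE: a cookie set
// without a Domain attribute is still sent to subdomains.
function setCookie(jar, requestHost, name, domainAttr, legacyIE = false) {
  if (!domainAttr) {
    jar.push({ name, domain: requestHost, hostOnly: !legacyIE });
    return true;
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot is ignored
  if (!domainMatch(requestHost, domain)) return false; // phpied.com cannot set www.phpied.com
  jar.push({ name, domain, hostOnly: false });
  return true;
}

// Sorted names of the cookies a request to host would carry.
function cookiesSentTo(jar, host) {
  return jar
    .filter(c => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map(c => c.name)
    .sort();
}

// Replay the setcookie() calls from nowww.php and yeswww.php.
function buildJar(legacyIE = false) {
  const jar = [];
  const domains = [null, '.phpied.com', 'phpied.com', 'www.phpied.com'];
  domains.forEach((d, i) => {
    setCookie(jar, 'phpied.com', 'no' + i, d, legacyIE);
    setCookie(jar, 'www.phpied.com', 'yes' + i, d, legacyIE);
  });
  return jar;
}

for (const host of ['phpied.com', 'www.phpied.com', 'img.phpied.com']) {
  console.log(host.padEnd(15), 'RFC 6265:', cookiesSentTo(buildJar(), host).join(' '),
    '| legacy IE:', cookiesSentTo(buildJar(true), host).join(' '));
}
```

In the RFC model only yes0 and yes3 stay off img.phpied.com, which is the case for serving the site from www and scoping cookies to that host. Any cookie scoped to phpied.com reaches every subdomain.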

May 13th, 2008 at 10:50 pm
www is misused. And here you again offer to force adding it.
Either way, in cookies you should save only an identifier of a user. A standard PHP session, for example, is 32 symbols long. That is 32 bytes. Remove the 4 bytes which are added with “www.” - this leaves 28 bytes. 28 god damn bytes. And you are seriously offering this as a performance win. Who are you kidding? If you are this concerned about size, minify all your URLs. Why have “www-vs-no-www-and-cookies”? “www-cookies” is enough.
Also, if you are really this concerned to think about 28 bytes, work with pictures more. PNG can be compressed a lot with fine tuning.
Finally, note that services under heavy load use a different domain for their statics (see yimg.com for Yahoo and ytimg.com for Youtube, for example). Cookies are not sent to a different domain anyway.
By using www, though, you are just making the misunderstanding of simple users, “Internet is WWW, that is World Wide Web”, stronger. And this is really bad, because I, for instance, hate it when you say to a person “Go to phpied.com” and he replies “where?” After some time it is revealed that he heard the address correctly, but he did not understand it was an internet address. He thought all internet addresses begin with http://www.
Check out http://no-www.org/
No offence meant, everything is just my opinion, please be friendly. ^_^
May 14th, 2008 at 11:23 am
[...] Stoyan Stefanov has come up against one of the frustrations of web development involving cookies - problems caused by the switch from a “www.” in the host to none. He’s come up with a test to show you how cookies are set and where you can access them from. One of the implications of following the rule is related to the whole www vs no-www question. Basically you should always use www if you’re planning to use any other sub-domains and you want them cookie-free. This is because you have no way to set a cookie only to the top-level domain. [...]
May 15th, 2008 at 12:34 am
[...] Very good article on using cookies with domains including www and without it. Why it is important to use or not to use cookies, and some great tips you would find in this post. One of Yahoo’s performance rules says: Use cookie-free domains for static components. This is good because the server has no use for cookie information when serving a JPEG or another static component, so all this cookie information creates network traffic for no reason. [...]
August 22nd, 2008 at 3:09 pm
Denis, the byte length of the domain name is not the problem. When you set a cookie to a top level domain like whatever.org, that cookie is sent by most browsers to any other server, like images.whatever.org. The images server doesn’t need the cookies, so the performance issue is the overhead of sending a cookie with every image for no reason. While some companies use a separate domain for non-HTML media, not all do. Additionally, you might want to try decaf. It’s easier on the nerves.