« Bookmarklet maker tool
Kiss alive »

www vs no-www and cookies

One of Yahoo's performance rules says: Use cookie-free domains for static components. This is good because the server has no use for cookie information when serving a JPEG or another static component, so all this cookie information creates network traffic for no reason.

One of the implications of following the rule is related to the whole www vs no-www question. Basically you should always use www if you're planning to use any other sub-domains and you want them cookie-free. This is because you have no way to set a cookie only to the top-level domain. So for example you cannot write a cookie only to phpied.com. If you load component from img.phpied.com, the cookie from phpied.com will be sent again. In Firefox this doesn't seem to be the case, but in IE it is.

Here are two test scripts that demonstrate the behavior:

Load both of these pages and then reload them to see what cookies are sent. They both try to set cookies in all possible ways:

  1. omitting the domain name
  2. .domain.com
  3. domain.com
  4. www.domain.com

Here's the source code of the files:

nowww.php [test]

<?php
setcookie('no0', 'no www, no domain');
setcookie('no1', 'no www, .phpied.com', 0, '/', '.phpied.com');
setcookie('no2', 'no www, phpied.com', 0, '/', 'phpied.com');
setcookie('no3', 'no www, www.phpied.com', 0, '/', 'www.phpied.com');

echo '<pre>';
print_r($_COOKIE);
?>

yeswww.php [test]

<?php
setcookie('yes0', 'yes www, no domain');
setcookie('yes1', 'yes www, .phpied.com',    0, '/', '.phpied.com');
setcookie('yes2', 'yes www, phpied.com',     0, '/', 'phpied.com');
setcookie('yes3', 'yes www, www.phpied.com', 0, '/', 'www.phpied.com');

echo '<pre>';
print_r($_COOKIE);
?>

Loading the two pages twice shows how in IE, no0, no1, and no2 are all visible when using www as well as when not using it. In Firefox it's almost the same, only that no0 is not visible when using www.

As a take-home:

  • use www
  • write cookies to the appropriate domain level (e.g. don't write to *.domain.com)

This entry was posted on Tuesday, May 13th, 2008 and is filed under performance, php. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.


Get notification for future posts: follow me on Twitter or subscribe to my RSS feed

Somewhat related posts

9 Responses to “www vs no-www and cookies”

  1. Denis Says:
    May 13th, 2008 at 10:50 pm

    www is misused. And here you again offer to force adding it.
    In either way, in cookies you should save only an identifier of a user. Standart PHP session, for example, is 32 symbols length. That is 32 bytes. Remove 4 bytes which are added with “www.” - this leaves 28 bytes. 28 god damn bytes. And you are seriously offering this as a performance win. Who are kidding? If you are this concerned about size, minify all your URLs. Why have “www-vs-no-www-and-cookies”? “www-cookies” is enough.
    Also, if you are really this concerned to think about 28 bytes, work with pictures more. PNG can be compressed a lot with fine tuning.
    Finally, note, that services under heavy load use a different domain for their statics. (see yimg.com for Yahoo and ytimg.com for Youtube for example) Cookies are not sent to a different domain anyway.
    By using www, though, you are just making the misunderstanding of simple users “Internet is WWW, that is World Wide Web” stronger. And this is really bad, because I, for instance, hate it, when you say to a person “Go to phpied.com” and he replies “where?” After some time it is revealed, that he heard the address correctly, but he did not understand it was an internet address. He thought all internet address begin with http://www.
    Check out http://no-www.org/

    No offence meant, everything is just my opinion, please be friendly. ^_^

  2. Stoyan Stefanov’s Blog: www vs no-www and cookies | Development Blog With Code Updates : Developercast.com Says:
    May 14th, 2008 at 11:23 am

    [...] Stoyan Stefanov has come up against one of the frustrations of web development involving cookies - problems caused by the switch from a “www.” in the host to none. He’s come up with a test to show you how cookies are set and where you can access them from. One of the implications of following the rule is related to the whole www vs no-www question. Basically you should always use www if you’re planning to use any other sub-domains and you want them cookie-free. This is because you have no way to set a cookie only to the top-level domain. [...]

  3. www vs no-www and cookies | PHP Readings Says:
    May 15th, 2008 at 12:34 am

    [...] Very good article of using cookies with domains including www and without it. Why it is important  to use or not to use cookies, and some grate tips you would find in this post. One of Yahoo’s performance rules says: Use cookie-free domains for static components. This is good because the server has no use for cookie information when serving a JPEG or another static component, so all this cookie information creates network traffic for no reason. [...]

  4. Yao Uno Igor Says:
    August 22nd, 2008 at 3:09 pm

    Denis, the byte length of the domain name is not the problem. When you set a cookie to a top level domain like whatever.org, that cookie is sent by most browsers to any other server, like images.whatever.org. The images server doesn’t need the cookies, so the performance issue is the overhead of sending a cookie with every image for no reason. While some companies use a separate domain for non-HTML media, not all do. Additionally, you might want to try decaf. It’s easier on the nerves.

  5. Matt Says:
    July 11th, 2009 at 10:39 am

    Denis, when you use the HTTP protocol, you are on the World Wide Web which is a part of the Internet. Are you trying to say that a website is not part of the World Wide Web? The World Wide Web is a combination of http, html, and browsers - invented by Tim Berners-Lee. I’m not sure what you are getting at as including www would just enforce the fact that the website is part of the World Wide Web (which is true). And yes, I’m familiar with no-www.org, and I support it only because it is faster to omit the www, not because it doesn’t make sense to use http://www.

    http://www.webopedia.com/DidYouKnow/Internet/2002/Web_vs_Internet.asp

  6. Mathias Bynens Says:
    December 14th, 2009 at 4:59 am

    Interesting research! However, I can’t help but feel like you’ve drawn the wrong conclusion. Saying using www in your URLs is part of the solution is simply incorrect.

    Obviously, it’s a bad idea to allow a web page to be visited by two distinct URLs, i.e. http://www.phpied.com/ vs. http://phpied.com/. This article names one of the reasons (no-www cookies may not be read when a user switches from to www and vice versa), but obviously there are other reasons, such as SEO (search engines will see both URLs as separate documents) and uniformity. In a way, you could even say making a choice between www and no-www and sticking to it, prevents users from getting confused.

    TL;DR: Just make a choice between www and no-www and stick to it. Problem solved.

  7. Mathias Bynens Says:
    December 14th, 2009 at 5:03 am

    Just to be clear: you should of course redirect to the variant of your choice, i.e. if you want to use no-www, you should redirect from yes-www URLs and vice versa.

  8. Stuart Says:
    December 14th, 2009 at 5:07 am

    Alternatively you could use a separate domain-name for static files.

  9. Gary Says:
    December 14th, 2009 at 2:13 pm

    If you use Google Analytics, then the cookies that provides is via *.example.com - so, as per their tutorial page, you’ll *have to* use a separate domain name for static files if you want to keep it cookie-free (at least pre-asynchronous tracking anyway).

    http://code.google.com/speed/page-speed/docs/request.html#ServeFromCookielessDomain

Leave a Reply