Anjanesh

Assignment Statements, Comparisons & Observations
Font: Size: + -

To WWW or not to

Monday, July 26, 2010

I've always been fond of naked domains. (FYI, http://mydomain.com is a naked domain, since it doesn't have www in front of it).
Lesser characters to type, see, spell out, hear and read. Much lesser overall energy.
I've always wondered why google.com always redirected to www.google.com and why Google App Engine stopped supporting mapping of an app to a naked URL. May not be the reason as mentioned here, but it does have its advantages.
So I joined the party a bit too late, but I am glad that I was not any later.
One of the advantages of using a subdomain (www is also a subdomain, it just so happens to be the default typing scheme for a website when the World Wide Web was born) is that cookies, if any, are transported to and forth - in the request and response headers - for that subdomain only.
If you have Web Developer, a FireFox addon, you can view all the cookies associated with a URL in the address bar.

Web Developer Toolbar

Here is a one liner php script to demonstrate this :

<?php setcookie("UserID", "23", time() + 3600, "/", "anjanesh.net") ?>

http://www.anjanesh.net/cookie.php

Cookies on www

http://test.anjanesh.net/cookie.jpg

Cookies on test

Lets re-iterate the above, this time without typing in www for the first URL. CTRL + SHIFT + DEL and clear all cookies.

http://anjanesh.net/cookie.php

Cookies on naked domain

http://test.anjanesh.net/cookie.jpg

Cookies on test again

Now, when requesting for a pure jpg image, the cookie information is sent across to the server which is 17 bytes (Cookie: UserID=23) of useless data.
You can use Live HTTP Headers FireFox addon to view real-time browser-request and server-response headers.

http://anjanesh.net/cookie.php

GET /cookie.php HTTP/1.1
Host: anjanesh.net
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8pre) Gecko/20100710 Ubuntu/9.10 (karmic) Namoroka/3.6.8pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Jul 2010 01:14:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Set-Cookie: UserID=23; expires=Fri, 25-Jul-2010 02:14:18 GMT; path=/; domain=anjanesh.net
Content-Encoding: gzip
----------------------------------------------------------
http://test.anjanesh.net/cookie.jpg

GET /cookie.jpg HTTP/1.1
Host: test.anjanesh.net
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8pre) Gecko/20100710 Ubuntu/9.10 (karmic) Namoroka/3.6.8pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: UserID=23
HTTP/1.1 200 OK Server: nginx Date: Fri, 25 Jul 2010 01:14:21 GMT Content-Type: image/jpeg Connection: keep-alive Last-Modified: Thu, 29 Nov 2007 03:54:05 GMT Etag: "27284bc-8291-4400943e7f140" Accept-Ranges: bytes Content-Length: 33425 ----------------------------------------------------------

From Y!'s Best Practices for Speeding Up Your Web Site :

If your domain is www.example.org, you can host your static components on static.example.org. However, if you've already set cookies on the top-level domain example.org as opposed to www.example.org, then all the requests to static.example.org will include those cookies.

But its not always possible to safe-guard this if your users don't type the www and you forget to force redirection to http://www
The best solution would be use a completely different domain name as a cookieless domain for static content.

Initially, I did not set the path & domain parameters in setcookie()

<?php setcookie("UserID", "23", time() + 3600) ?>

This does not send cookies across to the subdomain requests even when the cookie was set to the naked URL.
This does not even send cookies across to different paths.
But some browsers, or old browsers may behave differently, automatically adding cookies to *.example.org as Y! pointed out.

Related :

1 comments:

Dokemion said...

I'll be in xhtml training next week. So I told myself I should browse around the web and have a little review on what I'm up into. Thanks for this post.