Setting up a cookie-less subdomain

Anik Chakraborty · Jan 4, 2013 · Viewed 14.8k times

Previously I served images for my site (http://example.com) from these two folders: http://example.com/images and http://example.com/pics

Now I have created a sub-domain img.example.com and moved those folders to the http://img.example.com/pics and http://img.example.com/images locations. I have also blocked access to the http://example.com/img folder by editing the .htaccess file so that the sub-domain cannot be accessed as a directory of the main site. It can only be accessed as http://img.example.com

How can I make this http://img.example.com sub-domain a cookie-less sub-domain? Or can I add this http://img.example.com sub-domain to CloudFlare? I do not want to add the main domain http://example.com to CloudFlare. When I try to add http://example.com to CloudFlare from my cPanel, it shows:

A type records cannot be directly routed though the CloudFlare network. Instead, click here and either switch the type of img.example.com. to CNAME

I have changed the image location to http://img.example.com/pics in all my articles. How do I fix this? Please help.

Answer

Alexei Levenkov · Jan 4, 2013

Being cookie-less and served by CDN are unrelated properties of a domain.

To make some domain cookie-less for your site you simply should not set cookies visible on that domain and make sure any other third party code you use on your site does not do so.

It is generally inconvenient to keep cookies from example.com from being visible on sub-domains (often sites are served from 2 locations: www.example.com and example.com). If you are fine with having cookies on just example.com, make sure that all Set-Cookie headers specify the exact domain ("example.com", not ".example.com") so cookies will not be visible on any subdomain. Another option is to move the main site to a subdomain and set cookies there (i.e. www.example.com); then again cookies will not "leak" to sibling sub-domains (i.e. "img.example.com").

It may be a better idea to host static content on a totally separate domain name: easier to control cookies and potentially more possibilities for CDN (i.e. in some cases HTTPS traffic from CDN may require different actions for custom and CDN-provided domain).
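
An added check, not part of the answer above: it applies the RFC 6265 storage and domain-match rules to a Set-Cookie header and lists which hosts would receive the cookie. Under those rules a cookie with no Domain attribute is host-only, while a Domain attribute, with or without a leading dot, also covers subdomains. Hostnames and header values are constructed samples (static-example.net stands in for a separate static domain), and public-suffix and IP-address handling are omitted.

```javascript
// Added example: cookie scoping per RFC 6265 (sections 5.1.3, 5.2.3, 5.3).
// Simplified: no public-suffix or IP-address handling.

// Return the effective Domain attribute of a Set-Cookie value ('' if none).
function domainAttr(setCookie) {
  let domain = '';
  for (const part of setCookie.split(';').slice(1)) {
    const eq = part.indexOf('=');
    if (eq < 0 || part.slice(0, eq).trim().toLowerCase() !== 'domain') continue;
    let value = part.slice(eq + 1).trim().toLowerCase();
    if (value.startsWith('.')) value = value.slice(1); // leading dot is ignored
    if (value !== '') domain = value;                  // last non-empty one wins
  }
  return domain;
}

// RFC 6265 domain-match: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Decide how a browser stores the cookie set by responseHost.
// Returns null when the cookie is rejected.
function storeCookie(responseHost, setCookie) {
  const host = responseHost.toLowerCase();
  const domain = domainAttr(setCookie);
  if (domain === '') return { domain: host, hostOnly: true };
  if (!domainMatch(host, domain)) return null; // cannot set for a foreign domain
  return { domain, hostOnly: false };
}

// List which of the candidate hosts would receive the cookie on requests.
function receivers(responseHost, setCookie, hosts) {
  const cookie = storeCookie(responseHost, setCookie);
  if (!cookie) return [];
  return hosts.filter((h) => (cookie.hostOnly
    ? h === cookie.domain
    : domainMatch(h, cookie.domain)));
}

// Constructed sample hosts and headers.
const HOSTS = ['example.com', 'www.example.com', 'img.example.com', 'static-example.net'];
const CASES = [
  ['example.com', 'sid=abc; Path=/'],
  ['example.com', 'sid=abc; Domain=example.com; Path=/'],
  ['www.example.com', 'sid=abc; Path=/'],
];
for (const [host, header] of CASES) {
  console.log(`${host}  "${header}"  ->`, receivers(host, header, HOSTS).join(', '));
}
```

To check a live site, look at the request headers for an image from the static host in the browser's network panel: a cookie-less host shows no Cookie header.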