I have trouble to set up the 'cdn' module for cookieless subdomains. Basically the same question was asked in #981148: Image Cache + Origin Pull mode + CNAME subdomains a couple of years ago (probably no answers because of issue hijacking ;)

My setup is based on the suggestions from the 'parallel' project page: Three self-hosted (sharded) subdomains are supposed to deliver cookieless JS, CSS, and images. I'd like to have cookieless subdomains, because the site runs behind a reverse proxy (Varnish) and cookies seem to prevent static content from being cached. At least that's what I'm seeing in the file's headers when inspected with something like Firebug.

The thee static subdomains are configured with Apache's virtual hosts like so:

<VirtualHost *:8081>
  ServerName cdn.example.com
  <Directory /var/www/example >
    RequestHeader unset Cookie
    Header unset Set-Cookie
    […]
  </Directory>
</VirtualHost>

I'm using redirect rules like suggested in #1060358: CDN and SEO to prevent duplicate content issues, so the dynamic content should be delivered from www.example.com with cookies, the static content should be routed through 'cdn' module to the static subdomains with the following CDN mapping:

  http://css.example.com|.css
  http://js.example.com|.js
  http://cdn.example.com|.jpg .jpeg .gif .png .ico

At this point, I'm quite confused, where and how the unsetting of cookies is supposed to happen: At the webserver level, by Varnish's VCL directives, by the 'cdn' modules, or by just another module like Cookieless Subdomain (an practically undocumented module).

From the code of cookieless_subdomain.module;

* Subdomain handling for static resources
* The idea is that you have a couple of subdomains. For each resource there
* is one subdomain chosen and used to include the resource in your html. The
* subdomain remains the same for an individual resource.

That sounds very close to the description of the 'parallel' module which was integrated into the 'cdn' module. This rises the question, if cookieless_subdomain.module should be integrated into the 'cdn' module as well, or if 'cdn' module does already do, what the Cookieless Subdomain module does.

Any suggestions are greatly appreciated!

Comments

asb’s picture

asb CreditAttribution: asb commented
Issue summary: View changes
Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers as a volunteer commented
Status: Active » Fixed

Either:

  1. Don't use subdomains, but a separate domain for assets. Cookies are only shared within one domain, so if assets are served from a different domain, cookies are never sent.
  2. Make sure the cookies are only sent to the same domain. I.e. bind them to www.example.com instead of to example.com. But this prevents you from using a no-www domain.

That's it off the top off my head.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.