Best practice is to serve static content without cookies attached.
To achieve this people generally split static content out to a cookie free domain.
Is there a way to serve both dynamic (with cookies) and static content (without cookies) from the same domain? ie. is it possible to scope cookies by resource as well as by domain/sub-domain?[hr]
Answering my own question (maybe I should have seached a little longer), it would seem that provision for this already exists by setting the ‘path’ attribute on the cookie.
Setting the path attribute to a subset of the urls being served by a domain allows for the tightening of the scope of a cookie.
So we can split the site like so:
Then limit the cookie to a domain of my.example.com and a path of /dynamic
This should mean that browsers will not supply a cookie when requesting resources from my.example.com/static
Are there any pitfalls (eg. lack of browser support) to using the path attribute on a cookie?