180 likes | 337 Views
CS193H: High Performance Web Sites Lecture 23: Vol 2 – Make static content cookie-free, Reduce cookie weight, To WWW or not to WWW. Steve Souders Google souders@cs.stanford.edu. announcements. Final exam locations: Dec 9, 12:15-3:15 – Gates B03 Dec 12, 12:15-3:15 – Gates B01.
E N D
CS193H:High Performance Web SitesLecture 23: Vol 2 – Make static content cookie-free, Reduce cookie weight, To WWW or not to WWW Steve Souders Google souders@cs.stanford.edu
announcements Final exam locations: Dec 9, 12:15-3:15 – Gates B03 Dec 12, 12:15-3:15 – Gates B01
Set-Cookie response header HTTP/1.1 200 OK Set-Cookie: MSNPPAuth=B*eDP3m4...WELr; expires=Wed, 30-Dec-2037 16:00:00 GMT;domain=.live.com;_path=/; domain, path, and expires in the cookie header max size ~4K (varies by browser) one header per cookie cookie is stored by the client (browser) only valid if domain matches current page
Cookie response header GET /results.aspx?q=flowers HTTP/1.1 Host: search.live.com Cookie:_MSNPPAuth=B*eDP3m4...WELr;_SRCHUID=V=1&GUID=83F46965E90240739918C1047F88FD26;_SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20081129; ... cookie sent back to server on subsequent requests that match the domain and path all cookies sent in one request header "; " delimited
Cookie size total size of all cookies November 2008
Cookie impact http://yuiblog.com/blog/2007/03/01/performance-research-part-3/ cookies on static resources multiplies the delay largest packet MTU (Maximum Transmission Unit) for Ethernet: 1500 bytes
Live Search cookies sent http://search.live.com/results.aspx?q=flowers http://search.live.com/.../brand_c.css http://search.live.com/.../serp_c.css http://search.live.com/.../scopebar2_c.css http://search.live.com/.../answerAll_c.css http://search.live.com/.../asset4.gif http://search.live.com/.../cbcoin.gif http://search.live.com/.../main.js seven static resources contain the Cookie request header (1938 bytes), even though cookies don't affect the response 7 x 1938 bytes = 13.5K (upstream!)
Static resource cookie size worse on sites without CDN? November 2008
cookie-free static content takeaway: serve static content without cookies different domain (rule 2 – use a CDN) different path ("/app" versus "/images")
Cookie expiration long expirations are handled differently for HTTP resources versus cookies: avoid cached resources by removing the reference or changing the name cookies are always sent, regardless of HTML content server can't see domain, path, and expiration it's hard to avoid cookies with long expirations
Cookie expiration average expiration time across all persistent cookies November 2008
Reduce cookie weight use session-based cookies when possible use short expirations in other cases avoid using cookies instead of a user database set domain and path as tight as possible track and purge cookies – maintain a cookie whitelist and remove outsiders Set-Cookie:_MSNPPAuth=;_domain= .live.com;path=/;
Cookie questions max size for a single cookie max total size for all cookies for a single domain across all domains max # of cookies for a single domain across all domains how cookies are purged FIFO LIFO contact me if you'd like to do this study
"www" redirects how should "www" work for yourdomain.com? http://yourdomain.com/ redirects to http://www.yourdomain.com/ slower (redirect) both work cookies • cookies issued on yourdomain.com go to subdomains • cookies issued on www.yourdomain.com don't go to yourdomain.com avoid caching two copies of each resource • http://yourdomain.com/logo.gif • http://www.yourdomain.com/logo.gif
Top 10 "www" redirects cookie domain is not the reason for redirecting November 2008
Two copies of resources if Wikipedia doesn't redirect, how do they avoid downloading two copies of resources? different domain for resources: http://wikipedia.org/ http://upload.wikimedia.org/.../174px-Wikipedia-word.png http://upload.wikimedia.org/.../Bookshelf-40x20.png what about resources on document's server? relative URLs – shorter but two copies full URLs – longer but single copy BASE HREF – short and single copy (but how come no one uses this?) recommendation: don't redirect for "www"
Homework 12/1 11:59pm – Assignment #6 - Improving a Top Site rules 11-14 Vol 2: • Split the Initial Payload • Load Scripts Without Blocking • Don't Scatter Inline Scripts • Shard Dominant Domains • Optimize Images
Questions What are cookies used for? How does the browser decide which cookies to send? When does it stop sending a cookie? What's a session-based cookie and how do you create one? Why is it wasteful to send cookies on requests for static resources, and how can it be avoided? Why are long expiration dates more problematic for cookies than HTTP resources? What are techniques for reducing cookie weight? What are the choices for handling "www"? List the pros and cons, and recommended solution.