
Internet Explorer increases cookie limit to 50

Posted by Gavin Terrill on Sep 03, 2007

Sections: Development, Architecture & Design
Topics: Architecture, Javascript, Security
Tags: Firefox, Internet Explorer
Microsoft has released an update to Internet Explorer that increases the number of cookies allowed per domain from 20 to 50, bringing it in line with Firefox. Eric Lawrence, Program Manager at Microsoft and the man behind the Fiddler HTTP debugging proxy, wrote about the release:
In the past, IE’s cookie jar stored a maximum of 20 cookies per domain. If more than 20 cookies were sent by the server, older cookies were automatically dropped by the browser. The dropped cookies could lead to lost website settings, an empty web shopping basket, or similar problems.
The 20 cookie limit dates back to the original Netscape preliminary specification: Client Side State - HTTP Cookies. While an increase to 50 cookies for Internet Explorer may sound like an improvement, there are significant performance implications when you take into account the increased request size and slower upload speeds:
Unfortunately, cookies can dramatically impact the size of HTTP requests, slowing down the user’s browsing experience significantly. Many of today’s web users have connections with asymmetrical bandwidth, having download speeds 2 to 5 times faster than their upload speeds. This means that in some cases, HTTP request size is a more important factor than the size of the server’s response in determining overall transfer time.
Eric offers three strategies to deal with these implications:
  1. minimize the size of your cookies - for example by using shorter variable names.
  2. deliver static content from a different domain - so that the cookies are not sent in the request.
  3. limit cookies based on path - using the cookie's Path attribute so that only requests under that path carry them:
    The last strategy is similar to the second, except that you can undertake it with just one domain. If you can keep all of your pages that need access to cookies within a single path (e.g. http://example.com/webapp/) you can use the Path attribute on the cookie to specify that the cookie should only be sent for requests within that path. This will ensure that requests sent outside of that path (e.g. http://example.com/images/) are not forced to carry unneeded cookies.
Eric also suggests restricting cookie access from client side scripts to help mitigate Cross Site Scripting attacks:
If your cookies are only used by your server, and your scripts don’t require access to your cookies, use the HttpOnly attribute to help protect your site against cookie theft via cross-site scripting attacks.
The HttpOnly attribute was introduced in Internet Explorer 6 SP1. It will also be supported in Firefox 3, and is available as a Firefox add-on now.
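To make the three behaviours discussed above concrete (the per-domain cap that silently drops the oldest cookies, the Path attribute limiting which requests carry a cookie, and HttpOnly hiding a cookie from script), here is a small toy cookie jar written for this article. It is an added illustration, not code from Eric Lawrence, Microsoft or InfoQ; the CookieJar class, its method names and the sample Set-Cookie values are all constructed for the example, and the path-matching rule follows the standard cookie rules rather than any particular browser's implementation.

```python
from collections import OrderedDict


def path_matches(request_path, cookie_path):
    """Standard cookie path matching: exact match, or cookie_path is a
    prefix of request_path that ends at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


class CookieJar:
    """Toy per-domain cookie jar (constructed for this example)."""

    def __init__(self, per_domain_limit=20):
        self.limit = per_domain_limit
        # domain -> OrderedDict(name -> (value, path, httponly)), oldest first
        self.jars = {}

    def set_cookie(self, domain, set_cookie_header):
        """Store a cookie from a Set-Cookie header value such as
        'sid=abc; Path=/webapp/; HttpOnly', dropping the oldest cookie
        for the domain once the per-domain limit is exceeded."""
        parts = [p.strip() for p in set_cookie_header.split(";")]
        name, _, value = parts[0].partition("=")
        path, httponly = "/", False
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            if key.lower() == "path":
                path = val
            elif key.lower() == "httponly":
                httponly = True
        jar = self.jars.setdefault(domain, OrderedDict())
        jar.pop(name, None)  # re-setting a cookie makes it the newest entry
        jar[name] = (value, path, httponly)
        while len(jar) > self.limit:
            jar.popitem(last=False)  # silently drop the oldest cookie

    def cookie_header(self, domain, request_path, from_script=False):
        """Build the Cookie request header for a request to request_path.
        from_script=True models document.cookie, which omits HttpOnly cookies."""
        sent = []
        for name, (value, path, httponly) in self.jars.get(domain, {}).items():
            if from_script and httponly:
                continue
            if path_matches(request_path, path):
                sent.append(f"{name}={value}")
        return "; ".join(sent)
```

The length of the string returned by cookie_header is the extra bytes every matching request carries, which is the cost the quoted passage warns about.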
