Your website may use cookies, and your origin may send a Set-Cookie header on files, for example for authentication or session IDs.
By nature, cookies are un-cacheable, so files that carry them are also un-cacheable. This leads to more origin pulls and a bad experience when loading CDN assets that carry Set-Cookie.
This article will show you how to use the Strip All Cookies setting to help mitigate some of this.
This tutorial assumes you have already created a Pull Zone.
Verifying the Header and Caching
Let's take a look at how to verify that the CDN is not caching a file that carries the Set-Cookie header.
HTTP header containing set-cookie:
HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: name=value
Set-Cookie: name2=value2; Expires=Fri, 05-Apr-2013 10:11:12 GMT
You can verify the CDN is not caching this file (or these files) by running a cURL command like:
curl -I http://foo.bar.netdna-cdn.com/file.ext
HTTP/1.1 200 OK
Date: Fri, 05 Apr 2013 14:12:20 GMT
Content-Type: text/css
Connection: keep-alive
Cache-Control: max-age=999999, public
Expires: Thu, 21 May 2014 20:00:00 GMT
Vary: Accept-Encoding
Last-Modified: Thu, 24 Jan 2013 20:00:00 GMT
Set-Cookie: Name=xxxxxxxxxxxxxxxxxxxxxxxxxx; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.domain.com
Server: NetDNA-cache/2.2
X-Cache: MISS <---------------- FILE NOT CACHED
A solution for this gap would be to simply ignore cookies in requests and force the CDN to cache the file(s).
Stripping Cookies at the CDN
We have implemented a useful option you can reach through the control panel -- Strip All Cookies:
Re-run the previous command and you should be able to verify that the file is now successfully cached (X-Cache: HIT):
curl -I http://foo.bar.netdna-cdn.com/file.ext
HTTP/1.1 200 OK
Date: Fri, 05 Apr 2013 14:12:20 GMT
Content-Type: text/css
Connection: keep-alive
Cache-Control: max-age=999999, public
Expires: Thu, 21 May 2014 20:00:00 GMT
Vary: Accept-Encoding
Last-Modified: Thu, 24 Jan 2013 20:00:00 GMT
Set-Cookie: Name=xxxxxxxxxxxxxxxxxxxxxxxxxx; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.domain.com
Server: NetDNA-cache/2.2
X-Cache: HIT <---------------- FILE CACHED
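The check from the two curl runs above, as an added shell example (not part of the original article or the CDN's own tooling): it reads curl -I output on stdin and reports the X-Cache result together with whether a Set-Cookie header is present. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `curl -I` output by X-Cache result and Set-Cookie presence.
# Constructed samples, modelled on the header dumps in this article.
SAMPLE_MISS='HTTP/1.1 200 OK
Content-Type: text/css
Set-Cookie: Name=xxxxxxxx; path=/; domain=.domain.com
X-Cache: MISS'
SAMPLE_HIT='HTTP/1.1 200 OK
Content-Type: text/css
X-Cache: HIT'

# Print the value of the first header named $1 (case-insensitive) read from stdin.
header_value() {
    awk -v name="$1" '
        BEGIN { name = tolower(name) }
        {
            sub(/\r$/, "")              # curl prints CRLF line endings
            i = index($0, ":")
            if (i == 0) next            # status line or blank line
            if (tolower(substr($0, 1, i - 1)) != name) next
            v = substr($0, i + 1)
            sub(/^[ \t]+/, "", v)
            print v
            exit
        }'
}

# Read response headers on stdin and print a one-word verdict.
classify_response() {
    headers=$(cat)
    xcache=$(printf '%s\n' "$headers" | header_value X-Cache | awk '{print toupper($1)}')
    cookie=$(printf '%s\n' "$headers" | header_value Set-Cookie)
    case "$xcache" in
        HIT)
            if [ -n "$cookie" ]; then echo "cached-with-cookie"; else echo "cached"; fi ;;
        MISS)
            if [ -n "$cookie" ]; then echo "uncached-cookie"; else echo "uncached"; fi ;;
        *)  echo "unknown" ;;           # no X-Cache header in the response
    esac
}

# Demo on the constructed samples (live use: curl -sI <url> | classify_response).
printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_MISS" | classify_response)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_HIT" | classify_response)"
```

A cached-with-cookie verdict means the edge is serving a stored response that still carries Set-Cookie, so every client receives the same cookie value; confirm that cookie is not a session or authentication identifier.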
If you use CloudFlare, you will follow the same settings, as CF adds Set-Cookie to origin files, preventing the CDN from caching those files. Refer to this page: How to use the CDN with CloudFlare
Flow Scheme
We hope this article was helpful. As always, if you have any questions or concerns about any of the topics mentioned in this article, please feel free to reach out to support - we are available 24/7 by chat or email!