CS193H: High Performance Web Sites
Lecture 23: Vol 2 – Make static content cookie-free, Reduce cookie weight, To WWW or not to WWW
Steve Souders, Google

announcements
Final exam locations:
- Dec 9, 12:15-3:15 – Gates B03
- Dec 12, 12:15-3:15 – Gates B01

Set-Cookie response header
HTTP/ OK
Set-Cookie: MSNPPAuth=B*eDP3m4...WELr; expires=Wed, 30-Dec :00:00 GMT; domain=.live.com; path=/;
- domain, path, and expires in the cookie header
- max size ~4K (varies by browser)
- one header per cookie
- cookie is stored by the client (browser)
- only valid if domain matches current page

Cookie request header
GET /results.aspx?q=flowers HTTP/1.1
Host: search.live.com
Cookie: MSNPPAuth=B*eDP3m4...WELr; SRCHUID=V =1&GUID=83F46965E C1047F88FD26; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB= ;...
- cookie sent back to server on subsequent requests that match the domain and path
- all cookies sent in one request header
- "; " delimited

Cookie size

site                      cookie size (bytes)   comments
aol.com                   494                   "stay signed in" checked
ebay.com                  1038                  "keep me signed in" checked
facebook.com              990                   "remember me" checked
google.com/search         417                   logged in to iGoogle and YouTube
search.live.com/results   1938                  "remember me" and "remember my password" checked
msn.com                   1063                  logged in thru search.live.com
myspace.com               2027                  "remember me" checked
en.wikipedia.org/wiki     134                   "remember me" checked
yahoo.com                 677                   "keep me signed in" checked
youtube.com               597                   also logged in to iGoogle

November 2008
total size of all cookies

Cookie impact
- cookies on static resources multiply the delay
- largest packet MTU (Maximum Transmission Unit) for Ethernet: 1500 bytes

cookie size   response time delta
500 bytes     1 ms
1000 bytes    16 ms
1500 bytes    31 ms
2000 bytes    47 ms
2500 bytes    63 ms
3000 bytes    78 ms

Live Search cookies sent seven static resources contain the Cookie request header (1938 bytes), even though cookies don't affect the response 7 x 1938 bytes = 13.5K (upstream!)
Static resource cookie size cookie size (bytes) static resources on same domain wasted bytes aol.com ebay.com facebook.com google.com/search search.live.com/results ,566 msn.com myspace.com ,054 en.wikipedia.org/wiki yahoo.com youtube.com 5971 November 2008 worse on sites without CDN?
cookie-free static content
takeaway: serve static content without cookies
- different domain (rule 2 – use a CDN)
- different path ("/app" versus "/images")

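The matching rules from the Set-Cookie and Cookie header slides, applied to the cookie-free takeaway, as an added example that is not part of the original lecture. It follows RFC 6265 domain-match and path-match; the cookie name and value, the static paths and the static.example.net host are constructed for illustration.

```javascript
// Added example (not from the slides): which requests carry a cookie, and the cost.

// Domain-match: exact host, or host is a subdomain of the cookie's domain.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Path-match: equal, or cookie path is a prefix that ends on a "/" boundary.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Value of the Cookie request header the browser would attach to this URL.
function cookieHeaderFor(url, jar) {
  const { hostname, pathname } = new URL(url);
  return jar
    .filter(c => domainMatches(hostname, c.domain) && pathMatches(pathname, c.path))
    .map(c => `${c.name}=${c.value}`)
    .join("; ");
}

// Upstream bytes spent on cookie values across a list of requests.
function cookieBytes(urls, jar) {
  const enc = new TextEncoder();
  return urls.reduce((n, u) => n + enc.encode(cookieHeaderFor(u, jar)).length, 0);
}

// Seven static requests, as on the Live Search slide (paths are constructed).
const staticPaths = [1, 2, 3, 4, 5, 6, 7].map(i => `/images/s${i}.png`);
const onHost = host => staticPaths.map(p => `http://${host}${p}`);
// One constructed cookie whose "name=value" pair is 1938 bytes, and a /app-scoped copy.
const wideJar = [{ name: "AUTH", value: "x".repeat(1933), domain: ".live.com", path: "/" }];
const tightJar = [{ ...wideJar[0], path: "/app" }];

function demo() {
  return {
    sameDomain: cookieBytes(onHost("search.live.com"), wideJar),
    otherDomain: cookieBytes(onHost("static.example.net"), wideJar),
    pathScoped: cookieBytes(onHost("search.live.com"), tightJar),
    appRequest: cookieBytes(["http://search.live.com/app/results"], tightJar),
  };
}
console.log(demo());
```

A cookie scoped to `.live.com` with path `/` rides along on every static request to the same site, while a separate static host or a `/app` path scope brings the static total to zero without affecting the application request.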
Cookie expiration
- long expirations are handled differently for HTTP resources versus cookies:
  - avoid cached resources by removing the reference or changing the name
  - cookies are always sent, regardless of HTML content
- server can't see domain, path, and expiration
- it's hard to avoid cookies with long expirations

Cookie expiration cookie size (bytes) avg expires (months) aol.com ebay.com facebook.com 9901 google.com/search search.live.com/results msn.com myspace.com en.wikipedia.org/wiki 1341 yahoo.com youtube.com November 2008 average expiration time across all persistent cookies
Reduce cookie weight
- use session-based cookies when possible
- use short expirations in other cases
- avoid using cookies instead of a user database
- set domain and path as tight as possible
- track and purge cookies – maintain a cookie whitelist and remove outsiders
  Set-Cookie: MSNPPAuth=; domain=.live.com; path=/;

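One way to implement the "track and purge" item, as an added example that is not from the lecture. The allowlist, the list of known scopes and the sample header values are constructed; the deletion form extends the slide's empty-value Set-Cookie with a past Expires and Max-Age=0, which is an assumption beyond what the slide shows.

```javascript
// Added example (not from the slides): expire every cookie that is not on the allowlist.

// Split a Cookie request header ("a=1; b=2") into [name, value] pairs.
function parseCookieHeader(header) {
  return header.split(";").map(s => s.trim()).filter(Boolean).map(pair => {
    const i = pair.indexOf("=");
    return i < 0 ? [pair, ""] : [pair.slice(0, i), pair.slice(i + 1)];
  });
}

// The request does not reveal a cookie's domain or path, so the deletion is
// issued once per scope the site is known to have used (assumed list).
// A scope with domain null targets a host-only cookie (no Domain attribute).
function purgeHeaders(cookieHeader, allowlist, scopes) {
  const out = [];
  for (const [name] of parseCookieHeader(cookieHeader)) {
    if (allowlist.has(name)) continue;
    for (const { domain, path } of scopes) {
      const dom = domain ? `Domain=${domain}; ` : "";
      out.push(`Set-Cookie: ${name}=; ${dom}Path=${path}; ` +
               "Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0");
    }
  }
  return out;
}

// Constructed request header: two names from the slides, two stale outsiders.
const sampleHeader = "MSNPPAuth=abc; SRCHUID=V=1&GUID=xyz; OLDTRACK=1; legacy_ab=7";
const allowlist = new Set(["MSNPPAuth", "SRCHUID", "SRCHUSR"]);
const knownScopes = [{ domain: ".live.com", path: "/" }, { domain: null, path: "/" }];

function demoPurge() {
  return purgeHeaders(sampleHeader, allowlist, knownScopes);
}
console.log(demoPurge().join("\n"));
```

A deletion only takes effect when its domain and path match the scope the cookie was originally set with, which is why the scope list has to be tracked on the server side.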
Cookie questions
- max size for a single cookie
- max total size for all cookies
  - for a single domain
  - across all domains
- max # of cookies
  - for a single domain
  - across all domains
- how cookies are purged
  - FIFO
  - LIFO
contact me if you'd like to do this study

"www" redirects how should "www" work for yourdomain.com? redirects to slower (redirect) both work cookies cookies issued on yourdomain.com go to subdomains cookies issued on don't go to yourdomain.com avoid caching two copies of each resource
Top 10 "www" redirects

site            redirect   cookie domain
aol.com         yes        .aol.com
ebay.com        yes        .ebay.com
facebook.com    yes        .facebook.com
google.com      yes        .google.com
live.com        yes        .live.com
msn.com         yes        .msn.com
myspace.com     yes        .myspace.com
wikipedia.org   no         .wikipedia.org
yahoo.com       yes        .yahoo.com
youtube.com     yes        .youtube.com

November 2008
cookie domain is not the reason for redirecting

Two copies of resources
if Wikipedia doesn't redirect, how do they avoid downloading two copies of resources?
- different domain for resources:
- what about resources on document's server?
  - relative URLs – shorter but two copies
  - full URLs – longer but single copy
  - BASE HREF – short and single copy (but how come no one uses this?)
recommendation: don't redirect for "www"

Homework 12/1 11:59pm – Assignment #6 - Improving a Top Site rules Vol 2: Split the Initial Payload Load Scripts Without Blocking Don't Scatter Inline Scripts Shard Dominant Domains Optimize Images
Questions
- What are cookies used for?
- How does the browser decide which cookies to send? When does it stop sending a cookie?
- What's a session-based cookie and how do you create one?
- Why is it wasteful to send cookies on requests for static resources, and how can it be avoided?
- Why are long expiration dates more problematic for cookies than HTTP resources?
- What are techniques for reducing cookie weight?
- What are the choices for handling "www"? List the pros and cons, and recommended solution.