vivday wrote: ↑
Wed Nov 06, 2019 12:29 pm
I want to use a cookie-free domain for static content like images, js, and css files.
What is "cookie-free domain" expected to achieve, exactly?
Meaning, is there a specific need "to ensure that cookies are neither saved nor sent?" (i.e. Existence of the cookies themselves are the issue, even in scenarios where the cookies are unused.)
Or are we saying that "I don't want requests for static content to have the overhead of maintaining phpBB's session management and user setup?" (i.e. The thing that the cookies are actually being employed to achieve in phpBB.) (Spoiler alert: this is already avoided for static content.)
Using phpBB's documented recommended cookie settings, the web browser is still going to send the saved phpBB cookies even for requests outside of the /forum folder. But whether that's an issue, or exactly what should be recommended, depends on what was expected to be achieved.
Perhaps also confirm whether your phpBB forum's domain name already involves a subdomain (e.g. www.
mydomain.com, or support.mydomain.com) versus your cookie domain being currently set to just "mydomain.com" or ".mydomain.com".