ASP.NET generates some large cookies if you are using ASP.NET membership provider. Especially if you are using the Anonymous provider, then a typical site will send the following cookies to every request when a user is logged in, whether the request is to a dynamic page or to any static resource:
There are 517 bytes of worthless data being sent to every CSS, JS and images from the browser to your webserver!
You might think 517 bytes is peanuts. Do the math:
- Average page has 40 requests to server. 40 x 517 bytes = 20 KB per page view.
- 1M page views = 20 GB
- That’s 20GB of data getting uploaded to your server for just 1M page views. It does not take millions of users to produce 1M page views. Around 100k+ users using your site every day can produce 1M page views every day.
Here’s how to prevent this:
- Setup a new website and map a different subdomain to it. If your main site is
<a href="http://www.yoursite.com/">www.yoursite.com</a>, then map
static.yoursite.com to it.
- Manually change all the
<link>, <script>, <img> css url(…) and prefix each resource with
- If you don’t want to do it manually, use this solution I have done before.
- Add a Global.asax and in the
EndRequest, do this trick:
HttpContext context = HttpContext.Current;
List<string> cookiesToClear = new List<string>();
foreach (string cookieName in context.Request.Cookies)
HttpCookie cookie = context.Request.Cookies[cookieName];
foreach (string name in cookiesToClear)
HttpCookie cookie = new HttpCookie(name, string.Empty);
cookie.Expires = DateTime.Today.AddYears(-1);
This code reads all the cookies it receives from request and expires them so that browser does not send those cookies again. If by any chance, ASP.NET cookies get injected into the
static.yoursite.com domain, this code will take care of removing them.