WordPress.org

Ready to get started?Download WordPress

Forums

PhotoDropper
Unecessary Photodropper cookies burst cache (3 posts)

  1. Otto Kekäläinen
    Member
    Posted 1 year ago #

    Photodropper seems to set to every visitors these two cookies:
    pdrp_mark_install (value '1') and pdrp_mark_welcome (value '1').

    This is bad practice for several reasons:

    • these cookies are sent along every single http request the visitors browser make, adding for extra traffic
    • these cookies burst caches in vain

    I particular the latter point is a big issue. When any proxies or caches in the server end or in closer to the visitor tires to cache some of the files transferred over http, these cookies stop it from happening. Even though the cache and expire headers are OK, the mere presence of cookies makes proxies assume that the content varies for visitors who have different values in the cookies, thus nothing is actually cached.

    Please consider alternative ways to do what you do. If I'd know what the purpose of these cookies is, I could give some implementation suggestions.

    I think you could maybe manage without setting cookies at all for regular visitors and set the cookies only for site admins. For site admins you could also even save you stuff in the PHP session store and avoid Photodropper-specific cookies.

    http://wordpress.org/extend/plugins/photo-dropper/

  2. photodropper
    Member
    Plugin Author

    Posted 1 year ago #

    Hey Otto,

    Thanks for bringing this up!

    We definitely don't want to be setting those cookies for non-admin/author users but from my end it doesn't look like that's happening.

    Can you confirm that if you clear your cookies and view the site without logging in that those values get set?

    I considered using sessions, but since WP tends not to rely on them, I've found that there's no guarantee a user's server supports them without issue.

    Thanks for your help!
    Nicky Hajal
    PhotoDropper Developer

  3. Otto Kekäläinen
    Member
    Posted 1 year ago #

    Yes, I can confirm.

    Tests to reproduce:
    1. Open http://coss.fi/luokka/uutiset/ with Firefox
    2. Open Firebug Cookies tab and delete all cookies
    3. Reload and you will get following http headers:

    Set-Cookie pdrp_mark_install=1; expires=Sun, 03-Feb-2013 11:29:04 GMT; path=/; domain=coss.fi; httponly PHPSESSID=83c8eb259c0518c21f903f0136ac6326; path=/

    pdrp_mark is from Photodropper. The PHPSESSID comes from Events Manager and I've made another bug report to them. Both of these cookies are unnecessary on the public site and needed only at the admin sites.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic