Bear Bibeault wrote:By your description, the HTML might or might not be used. If it's going to be used 99% of the time, then maybe, maybe, I'd include it. Otherwise, why include something that might be discarded?
Worrying about performance at this juncture, rather than doing what makes the most sense (unknown without more info), is premature optimization.
Another point: is there a bunch of metadata that needs to be returned, or just status? If the latter, then the response status should be sufficient. Custom response headers could also be used to convey metadata.
Ulf Dittmer wrote:It sounds like returning HTML is not the best approach; why does it do that? Rather it sounds like JSON that encapsulates status code and data would be the way to go.
Bear Bibeault wrote:Thanks for posting back with your findings.
Bear Bibeault wrote:From the point of view of cookies, they are different domains. Whether you are using CORS or not does not affect this. The cookies, and therefore the session, will not be shared across the different domains.