For sessions and cookies, is there a difference between example.com and http://www.example.com?
I have a very strange problem with our web application.
The private web is: private.example.com
The public web is: example.com
For some reason outside my control, http://www.example.com is always redirected to example.com
I guess this is the setup on the server.
The problem is that when I log in to the admin console, open a new tab and request the public site, the login session is lost.
This only happens in IE 7.
After some digging I found this site:
http://blogs.msdn.com/ieinternals/archive/2009/08/20/WinINET-IE-Cookie-Internals-FAQ.aspx
See Q3.
Can it be that the session set in admin (private.example.com) is deleted when I access the public site? Since the server is redirecting me to example.com?
I think we do not specify the domain part when setting the cookie (Java).
As I said, this only happens with XP SP3 and IE7.
Can anyone help me, or correct my understanding of the IE stuff?
Yes, cookies are domain and even sub-domain specific. So this is the problem. For consistency’s sake, I’d try to find a way to keep it on the same sub-domain.
You said the redirect from http://www.yourdomain.com to yourdomain.com is outside your control. Is that because you don’t have access to the server? If so, you could attack it from another angle. Instead of preventing the redirect, you could set up a global 301 redirect rule so that every user who goes to http://www.yourdomain.com is instantly redirected to yourdomain.com (kinda like StackOverflow.com). That way it remains consistent on every page of the site.
There are many different ways to accomplish this. But if by chance you’re using .NET, see my answer to this question:
Setting up HTTP Redirect for SEO in IIS7
That’s a pure .NET code solution that requires no additional modules so it’d work even if you don’t have access to the server. Actually that answer is for the reverse scenario (non-www to www) but it could easily be modified for this task.
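An added example (not part of the original question or answer): the RFC 6265 domain-matching rules applied to the three host names from the question, showing which hosts receive a cookie set with and without a Domain attribute. The cookie names and the legacyHostOnly switch, which models user agents that also send a Domain-less cookie to subdomains, are assumptions made for the illustration.

```javascript
// RFC 6265 section 5.1.3 domain-match: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Build the stored cookie record for a Set-Cookie received from setByHost.
// domainAttr is the Domain attribute value, or null when it is omitted.
function storeCookie(name, setByHost, domainAttr) {
  if (domainAttr === null) {
    return { name, domain: setByHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server may only set a cookie for its own host or a parent domain.
  if (!domainMatch(setByHost, domain)) return null; // rejected
  return { name, domain, hostOnly: false };
}

// Decide whether the cookie is attached to a request for requestHost.
// legacyHostOnly=true (assumed switch) models user agents that treat a missing
// Domain attribute as if it named the setting host (see RFC 6265, 4.1.2.3).
function isSent(cookie, requestHost, legacyHostOnly = false) {
  if (cookie.hostOnly && !legacyHostOnly) {
    return requestHost.toLowerCase() === cookie.domain;
  }
  return domainMatch(requestHost, cookie.domain);
}

// Host names from the question; cookie names below are constructed.
const HOSTS = ["example.com", "www.example.com", "private.example.com"];

function recipients(cookie, legacyHostOnly = false) {
  return HOSTS.filter((h) => isSent(cookie, h, legacyHostOnly));
}

const adminSession = storeCookie("SESSION", "private.example.com", null);
const publicSession = storeCookie("SESSION", "example.com", null);
const shared = storeCookie("SHARED", "private.example.com", ".example.com");

console.log("admin, strict:  ", recipients(adminSession));
console.log("public, strict: ", recipients(publicSession));
console.log("public, legacy: ", recipients(publicSession, true));
console.log("Domain=.example.com:", recipients(shared));
```

In the legacy mode the public site's Domain-less cookie also reaches private.example.com, so two same-named session cookies can arrive at the admin host; giving each application its own cookie name, or serving both from one host, avoids that overlap.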