I’m having this problem with my dotnetnuke website where the .DOTNETNUKE cookie is being created twice,
one for http://www.website.com and one for website.com.
When a user logins in with a url of website.com and tries to access a page that is http://www.website.com it causes them to re-loggin with a new cookie for http://www.website.com. This results in two cookies, one for http://www.website.com and another for website.com.
How do I fix this, does anyone have any ideas where to start?
Thanks! John
This has to do with the dot rule. One of the security checks that a browser does is makes sure that a cookie’s domain has the same number of periods as the domain it’s on. A cookie from http://www.example.com will have the domain, ‘www.example.com’ or ‘*.example.com’, where as a cookie from ‘example.com’ will have the domain ‘example.com’. So the browser’s thinking ‘example.com isn’t/may not be the same as http://www.example.com, better get a new cookie just in case.’
Set up your server so that it redirects your users to either www or no-www. Make sure you choose one or the other and stick with it. Having two will not only cause your current cookie woes, but possibly hurt your page rank in search engines.
See here for more info:
A question on SO relating
Dot rule stuff