Clever Geek Handbook

Difference between http://example.com and http://www.example.com?

For sessions and cookies, is there a difference between example.com and www.example.com?

I have a very strange problem with our web application

Private network: private.example.com Public network: example.com

For some reason outside of my control www.example.com is always redirected to example.com I am assuming this is a server setting.

The problem is when I go into the admin console and open a new tab and ask for the open site, the login session is lost.

This only happens in IE 7

After some digging, I found this site:

http://blogs.msdn.com/ieinternals/archive/2009/08/20/WinINET-IE-Cookie-Internals-FAQ.aspx

See Q3

Can it be established that the session set to admin (private.example.com) is deleted when accessing the public site? Since the server is redirecting me to example.com?

I think we are not specifying the domain part when setting the cookie (Java)

As I said, this only happens with XP SP3 and IE7

Anyone who can help me or please correct my understanding of IE stuff.

+2


source to share


4 answers


Yes, cookies are domain and even sub domain. So this is the problem. For consistency, I would try to find a way to keep it in the same subdomain.

You said that redirecting from www.yourdomain.com to yourdomain.com is out of your control. Is it because you don't have access to the server? If so, you can attack him from a different angle. Instead of preventing redirects, you can set up a 301 global redirect rule so that every user who goes to www.yourdomain.com is instantly redirected to your site (such as StackOverflow.com). This way it stays consistent across every page of the site.



There are many different ways to achieve this. But if by any chance you are using .NET, see my answer to this question: Configuring HTTP Redirect for SEO in IIS7

It is a pure .NET solution that does not require additional modules in order for it to work, even if you don't have access to the server. In fact, this answer refers to the opposite scenario (non-www to www), but it can be easily modified for this task.

+1


source


Cookies are always set on the subdomain and not on the domain itself when created. You will need to configure a cookie to point to example.com on creation. We had the same problem with admin.example.com and users.example.com.



+1


source


If you set a cookie for example.com it should be sent to www.example.com and private.example.com, but if you set a cookie for private.example.com it should not be sent to example.com.Some sites set everything its cookies are on www.example.com and serve as static content from static.example.com or another domain, so cookies are not sent without a request for static content.

See also http://developer.yahoo.com/performance/rules.html#cookie_free

0


source


Domains and subdomains are independent of each other when it comes to cookies. I would check your DNS records to see exactly where your A records are, then look at your webserver to see how subdomains are interpreted. Sometimes servers are configured to handle subdomains as URL redirects, especially in large hosted solutions.

You can also check if the Java equivalent of the ASP property "Response.Cookies" ("UID") matches. The "domain" is set somewhere along the line.

0


source






More articles:


All Articles