views:

329

answers:

2

Hi,

I'm having this problem with my dotnetnuke website where the .DOTNETNUKE cookie is being created twice,

one for www.website.com and one for website.com.

When a user logins in with a url of website.com and tries to access a page that is www.website.com it causes them to re-loggin with a new cookie for www.website.com. This results in two cookies, one for www.website.com and another for website.com.

How do I fix this, does anyone have any ideas where to start?

Thanks! John

+7  A: 

This has to do with the dot rule. One of the security checks that a browser does is makes sure that a cookie's domain has the same number of periods as the domain it's on. A cookie from www.example.com will have the domain, "www.example.com" or "*.example.com", where as a cookie from "example.com" will have the domain "example.com". So the browser's thinking "example.com isn't/may not be the same as www.example.com, better get a new cookie just in case."

Set up your server so that it redirects your users to either www or no-www. Make sure you choose one or the other and stick with it. Having two will not only cause your current cookie woes, but possibly hurt your page rank in search engines.

See here for more info:

A question on SO relating

Dot rule stuff

jacobangel
A: 

To avoid IIS configuration I found a url rewriting tool here http://urlrewriting.net/149/en/home.html. It works like a charm!

John