Talk

Advanced search

Cookies

(2 Posts)
MrAnchovy Tue 18-Aug-09 08:52:39

There have been a couple of threads recently about problems staying logged in. I notice that mumsnet is now available at both www.mumsnet.com and mumsnet.com, and the session cookie is set for the domain that is requested for the login page.

This obviously causes a problem if the user logs in at www.mumsnet.com and subsequently follows a link to (or uses browser auto-complete to get to) mumsnet.com. Also if the user logs in from mumsnet.com the illegal cookie domain mumsnet.com is used - it should be .mumsnet.com

Serving the same pages at mumsnet.com and www.mumsnet.com is not good practice anyway.

Suggested solution:

1. Always set the session cookie with the domain .mumsnet.com

2. Use a HTTP 301 redirect from mumsnet.com to www.mumsnet.com - for example and general interest using Apache mod_rewrite:

RewriteCond %{HTTP_HOST} ^mumsnet.com$ [NC]
RewriteRule ^(.*)$ http://www.mumsnet.com/$1 [L,R=301]

.. although as you are parsing the URL in Java/PHP anyway it is probably more efficient to do it there.

HelenMumsnet (MNHQ) Tue 18-Aug-09 10:36:12

Thank you Mr Anchovy - your post has made BigTech nod sagely and scuttle back to the Shed.

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now