There have been a couple of threads recently about problems staying logged in. I notice that mumsnet is now available at both www.mumsnet.com and mumsnet.com, and the session cookie is set for the domain that is requested for the login page.
This obviously causes a problem if the user logs in at www.mumsnet.com and subsequently follows a link to (or uses browser auto-complete to get to) mumsnet.com. Also, if the user logs in from mumsnet.com, the illegal cookie domain mumsnet.com is used - it should be .mumsnet.com.
Serving the same pages at mumsnet.com and www.mumsnet.com is not good practice anyway.
Suggested solution:
- Always set the session cookie with the domain .mumsnet.com
- Use an HTTP 301 redirect from mumsnet.com to www.mumsnet.com - for example, and for general interest, using Apache mod_rewrite:
# Permanently (301) redirect requests for the bare domain to the www host
RewriteCond %{HTTP_HOST} ^mumsnet\.com$ [NC]
RewriteRule ^(.*)$ http://www.mumsnet.com/$1 [L,R=301]
... although, as you are parsing the URL in Java/PHP anyway, it is probably more efficient to do it there.
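
An added example (not part of the original post, and not Mumsnet's code) that models browser cookie scoping under RFC 6265 to show why a session cookie bound to www.mumsnet.com at login is not sent to mumsnet.com, and how the suggested Domain value and redirect avoid that. The cookie name `session`, the sample path, the `http` scheme and all function names are assumptions; public-suffix checks and IP-literal hosts are not modelled.

```python
# Added example: models RFC 6265 cookie scoping for the two hostnames in the post.
from dataclasses import dataclass
from typing import Optional, Tuple

CANONICAL_HOST = "www.mumsnet.com"
BARE_HOST = "mumsnet.com"

@dataclass
class Cookie:
    name: str
    domain: str       # host or domain the browser bound the cookie to
    host_only: bool   # True when Set-Cookie carried no Domain attribute

def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3 for hostnames (IP literals not handled)."""
    return host == domain or host.endswith("." + domain)

def store_cookie(request_host: str, name: str, domain_attr: Optional[str]) -> Optional[Cookie]:
    """Return the cookie a browser would store, or None if it rejects it."""
    host = request_host.lower()
    if not domain_attr:
        return Cookie(name, host, host_only=True)
    domain = domain_attr.lower()
    if domain.startswith("."):
        domain = domain[1:]            # a single leading dot is ignored
    if not domain_match(host, domain):
        return None                    # Domain must cover the responding host
    return Cookie(name, domain, host_only=False)

def is_sent(cookie: Cookie, request_host: str) -> bool:
    """Would the browser attach this cookie to a request for request_host?"""
    host = request_host.lower()
    if cookie.host_only:
        return host == cookie.domain
    return domain_match(host, cookie.domain)

def canonical_redirect(host: str, path: str, scheme: str = "http") -> Optional[Tuple[int, str]]:
    """Application-level equivalent of the 301 rule: bare host -> www host."""
    if host.lower().split(":")[0] == BARE_HOST:
        return 301, f"{scheme}://{CANONICAL_HOST}{path}"
    return None

if __name__ == "__main__":
    for attr in (None, "www.mumsnet.com", ".mumsnet.com"):
        c = store_cookie(CANONICAL_HOST, "session", attr)   # constructed cookie name
        print(attr, {h: is_sent(c, h) for h in (CANONICAL_HOST, BARE_HOST)})
    print(canonical_redirect(BARE_HOST, "/some/page"))       # constructed path
```
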