I maintain a Python/Django web app where users can authenticate and log in. I've noticed that if I log into my app at example.com, I'm still logged out at www.example.com!

This behavior replicates on all major browsers (Firefox, Chrome, etc.). It seems session information is not being maintained between these addresses? I'm perplexed. Why could this be happening?


My DNS name was procured from Azure. E.g. example.cloudapp.net. I use a DNS management service called Hurricane Electric to map example.com and www.example.com to this DNS name. Specifically, in Hurricane Electric I've created CNAME records where the hostname is the azure-provided DNS name, and the name is the web address I want to associate with it (along with a TTL). That's about all I've done.

PROPOSED FIX: in my DNS management system, should I route www.example.com to example.com instead of example.cloudapp.net?


Note: Explored whether this SO answer can solve my problem. It ostensibly does, but a known issue is losing all session information - and I do NOT want that.

Hassan Baig
  • Yeah, the answer you linked is probably the reason you are having trouble. Your authentication cookie is probably set to a single domain. You can confirm this from your F12 tools. – juunas Jan 23 '17 at 16:21
  • I'm somewhat confused about how to set the cookie to multiple (sub)domains. I.e. shouldn't I set it to the original host `example.cloudapp.net` that `example.com` and `www.example.com` are pointing to? OR should I set the SESSION_COOKIE_DOMAIN to `.example.com` and be done with it? – Hassan Baig Jan 23 '17 at 16:48
  • Added some new information to the question. – Hassan Baig Jan 23 '17 at 16:57
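
How a browser scopes the session cookie under the settings discussed in the comments above, as an added example that is not part of the original thread. It is a simplified model of RFC 6265 cookie storage and domain matching (public-suffix and IP-address checks are omitted), and the function names are assumptions of this example.

```python
# Added example: RFC 6265 cookie scoping, reduced to the rules relevant here.
# Hostnames are the placeholders used in the question; function names are hypothetical.

def domain_match(host, domain):
    """RFC 6265 section 5.1.3: host equals domain or is a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def store_cookie(request_host, domain_attr=None):
    """Return (domain, host_only) as the browser stores it, or None if rejected."""
    if not domain_attr:
        return (request_host.lower(), True)   # no Domain attribute: host-only cookie
    # A single leading dot in the Domain attribute is ignored.
    domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
    if not domain_match(request_host, domain):
        return None                           # Domain does not cover the request host
    return (domain.lower(), False)

def is_sent(cookie, request_host):
    """Would the browser attach this stored cookie to a request for request_host?"""
    if cookie is None:
        return False
    domain, host_only = cookie
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)

def report():
    """Evaluate the three configurations raised in the thread, logging in at example.com."""
    cases = {
        # Django's default SESSION_COOKIE_DOMAIN = None emits no Domain attribute.
        "default": store_cookie("example.com"),
        # SESSION_COOKIE_DOMAIN = ".example.com"
        "shared": store_cookie("example.com", ".example.com"),
        # Domain set to the CNAME target, a host the browser never requested.
        "cname": store_cookie("example.com", "example.cloudapp.net"),
    }
    hosts = ("example.com", "www.example.com", "other.example.com")
    return {name: [h for h in hosts if is_sent(c, h)] for name, c in cases.items()}

if __name__ == "__main__":
    for name, hosts in report().items():
        print(name, "->", hosts)
```

The `shared` case also reaches `other.example.com`: a cookie scoped to the parent domain is sent to every subdomain, so each host under that name must be trusted with the session.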

0 Answers