August 9th, 2011, 10:45 PM
IIS storing different cookies
My site stores users login info in cookies and I noticed that they values stored can be different for http://mysite vs. http://www.mysite. More specifically, I login with two test accounts then logout (storing the username in a cookie) and then I output the username to the screen. The cookie value is different for http://mysite vs. http://www.mysite even though I followed the same login/logout process on each.
Is there something I can do in IIS to prevent this?
August 10th, 2011, 10:19 PM
I don't know of any IIS settings affecting cookie domains directly, I've always seen your problem corrected by the server php/asp code, not the server. Many applications have settings that let you decide how cookie domains are used.
I've never been able to appreciate the sublime arrogance of folks who feel they were put on earth just to save other folks from themselves .." - Donald Hamilton
August 12th, 2011, 01:54 AM
This is because non www and www versions of the site are two different domains. To resolve this you should use only one domain name for the site and by example to redirect the non www version to www version. This could be done with IIS 301 redirect or URL rewriting. Also, this will be good for your google page rank too, because now you have two domains with the same content.