0

I have a website use flask-user and gevent and I found a problem with the sessions

if I logged in using www.example.com then enter the same website without www like example.com I will find my self not logged in!

I should have the session for www.example.com works on example.com because they are the same and I don't know where is the issue.

abdulla-alajmi
  • 381
  • 1
  • 7
  • 17
  • That's more of an issue of how your server is setup. I assume you'd want the non-www site to redirect you to the www site, correct? – elPastor Dec 16 '16 at 12:43

1 Answers1

0

That issue is related on how session and cookies work.
Usually, when you login on a website, it stores a cookie with the exact domain you entered, therefore if you logged in on www.example.com the cookie will be set to the same domain - which is not accessible from example.com.

If you would like the cookie / session to be detected from all the domains, you should set the cookie as .example.com or if working with modern browsers only, you might set it as example.com - and it will be accessible from all subdomains.

You may read more about it here.

Community
  • 1
  • 1
Adriano Martins
  • 1,652
  • 1
  • 21
  • 21