[pmwiki-users] www makes it forget password
Marc Cooper
gmane at auxbuss.com
Tue Sep 19 03:57:33 CDT 2006
JB said...
> I type in the browser url box:
>
> http://aplace.org/abc/?action=edit
>
> I click edit, PMWiki asks for my password
> I get to the editor. Whenever I return to the url
> can go directly to the editor. It remembers my password.
>
> When I change the url by just adding "www" in front:
>
> http://www.aplace.org/abc/?action=edit
>
> It asks for my password again. It is the same
> website. Why does it ask for my password again?
The fact that aplace.org and www.aplace.org resolve to the same place is
coincidental. The PmWiki session data (that contains your login info) is
resolved via a session cookie in your browser whose key is the FQDN of
the site you are accessing - take a look at your cookies and you'll find
it there. When you change that key to the cookie, by editing the FQDN in
the URL, you break the link with the session cookie.
An increasing number of folk are dropping the "www." part of URLs
believing that, because it works most of the time, it's valid behaviour.
It's not; it can break many things.
If you are using Apache, one way to set your users back on the correct
path is to use something like this in .htaccess:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^aplace.org$ [NC]
RewriteRule ^(.*)$ http://www.aplace.org/$1 [R=301,L]
--
Best,
Marc
More information about the pmwiki-users
mailing list