[pmwiki-users] www makes it forget password

Marc Cooper gmane at auxbuss.com
Tue Sep 19 03:57:33 CDT 2006


JB said...
> I type in the browser url box:
> 
>     http://aplace.org/abc/?action=edit
> 
> I click edit, PMWiki asks for my password
> I get to the editor.  Whenever I return to the url 
> can go directly to the editor. It remembers my password.
> 
> When I change the url by just adding "www" in front: 
> 
>     http://www.aplace.org/abc/?action=edit
> 
> It asks for my password again.  It is the same
> website.  Why does it ask for my password again?

The fact that aplace.org and www.aplace.org resolve to the same place is 
coincidental. The PmWiki session data (that contains your login info) is 
resolved via a session cookie in your browser whose key is the FQDN of 
the site you are accessing - take a look at your cookies and you'll find 
it there. When you change that key to the cookie, by editing the FQDN in 
the URL, you break the link with the session cookie.

An increasing number of folk are dropping the "www." part of URLs 
believing that, because it works most of the time, it's valid behaviour. 
It's not; it can break many things.

If you are using Apache, one way to set your users back on the correct 
path is to use something like this in .htaccess:

  RewriteEngine on
  RewriteCond %{HTTP_HOST} ^aplace.org$ [NC]
  RewriteRule ^(.*)$ http://www.aplace.org/$1 [R=301,L]

-- 
Best,
Marc





More information about the pmwiki-users mailing list