asp.net website, authentication when url is with www and without www - asp.net

I have website built with ASP.NET MVC. The website has SSL so I have a redirection from any call to https.
However, when a user is logging in, I can have two tabs, one with the website open using www and the other not using www: https://example.com and https://www.example.com.
If a user is logged in using one form of URL, I would expect the browser to notice that the user is logged in even if the other tab uses the other form of URL. But this is not the case. The browser (Chrome on Windows) does not recognize that the user is logged in.
How can I handle that so the user will appear logged in using any form of url?

You should set up a 301 redirect from www.example to example or example to www.example so your users only use the application from a single domain. Many websites (Facebook, Reddit, and StackOverflow to name a few) use a 301 redirect from www.domain.com to domain.com.

Related

Reverse Proxy Issue

The issue is our reverse proxy. When a user is logged in, the reverse proxy will send requests to the root path to the application rather than the marketing site. When a user is not logged in, requests to the root path are sent to the marketing site.
In the logged-in case, the request is never received by WordPress (it gets proxied to the application) so it never hits the redirect rules.
Marketing site: www.website.com/
App: www.website.com/app
CASES:
When logged out: Searching blog is working and the redirection rule (search page redirects to www.website.com/blog/search/a) is working
When logged in on the app: Searching blog redirects to accounts www.website.com/app root path instead of redirecting to this path www.website.com/blog/search/a (WordPress search redirect not working)
Where should I start fixing it?

Showing wrong password while redirect site from http to https

I have migrated the site from HTTP to HTTPS in IIS 8.5 using the URL redirect module. But when the front-end site redirects to HTTPS, it shows a wrong-password dialog box even though correct credentials are provided. I could see that cookies are not being stored while the site is redirecting.
What should be done so that cookies can be stored as well?

ASP.NET - have HTTP and HTTPS versions of same-named web pages: is this doable or insane?

I have been working on a website and originally thought that I could use HTTPS just for logged in users and for the log in process, and use HTTP for non-logged in users. E.g., a logged in user could see custom info on a secure home page, whereas visitors would see an unsecure generic home page, where home page would be like http://example.com or https://example.com (in terms of web address).
I am guessing that I have to make the whole site HTTPS, given that I don't want cookies for returning "Remember Me" users to be sent in plain text. It seems that since I migrated from MVC 4 to MVC 5 and from Membership-based authentication to Identity, my app no longer reconnects via "remember me" mode if I return to the HTTP version of the homepage, though it does when I go to the HTTPS version.
My question is this: Can I have a secure app for logged in, or returning "remember me" users and at the same time have HTTP page access for non-logged in users? And if so, how? I have SecuritySwitch and my question is aiming at creating a secure sensibly structured site.

Same cookie to 2 domain drupal which is One site

I have a Drupal 6.22 webpage, and I have a .de and a .at top-level domain. The .at domain is now an alias of .de. And I want:
I want to use the .at and the .de domains separately, so that when anybody opens my .at/indexp.php, they do not drop through to the .de domain.
I want to monitor the incoming users.
So I want to host 2 sites from 1 server, and I want to have the same login cookie, so that anybody who logs in at .at and navigates to .de stays logged in.
I know that 2 pages with the same content kill the SEO, so that's one more question.
I tried to solve the "Same Cookie" problem with $cookie_domain, but I can't. As I read, it's just working with 2 different servers' 2 different sites.

Without some coding to authenticate the user between both sites, you can't do this.
Technically, the browser won't send the cookies to other domains.
If the $cookie_domain is example.com, then www.example.com and extras.example.com will not get the cookies of example.com.
If it's .example.com, example.com and all its subdomains will get the cookies from the browser. (Note the leading dot before example.com.)
You can't send example.com's cookies from another domain. That's why you see that you get redirected to YouTube and back to Google when you log in at a Google domain.
You can point both domains to the same domain and it will work without a problem. But users will have to log in twice, on both sites.
Alternatively, you can send the user to the other site right after they log in.
For example, when a user logs in at example.com and the login is successful, send the user to the other domain immediately, and the other site (example.net for instance) can do the same authentication and send the user back to the origin site.
I don't know any module that does this though.

ASP .NET create other Session when switch to http://example.com or http://www.example.com

If I type http://example.com and login to my site and close my browser, re-open it and retype http://example.com then I am logged in.
However, when I type http://example.com, login, close the browser, re-open it, type http://www.example.com then I am NOT logged in.
I do not use ASP .NET authentication classes.
I run IIS 6 with both example.com and www.example.com URLs added to "Multiple identities for this web site" in IIS.
I do not wish the current behavior. Are there other things that can be affected because of this behavior?

Please make sure from your domain panel that it is referring to the same IP address and code.
I was having the same issue and found that the IP address was different.

The problem is that you can't share cookies between example.com and www.example.com, due to a quirk in the cookie specification.
Instead, what you should do is pick one of the domains as your primary. Then, detect references to the other domain, and redirect users from there back to the primary. For example, you could choose www.example.com as the primary, and redirect references to example.com back to www.example.com.
That way, the authentication cookies will be present if the user tries to switch from one domain to another.
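
The cookie scoping behind the questions on this page and the single-host redirect the answers recommend, modelled as an added JavaScript example (not code from any of the posts). It follows the RFC 6265 domain-match rule; the function names, `PRIMARY_HOST` and the host names are constructed for illustration.

```javascript
// Added example; PRIMARY_HOST and all host names are constructed assumptions.
const PRIMARY_HOST = 'www.example.com';

// RFC 6265 domain-match: identical, or a suffix on a label boundary.
// (Public-suffix and IP-address checks are not modelled here.)
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Cookie as the browser stores it after Set-Cookie. Without a Domain
// attribute it is host-only: bound to the exact host that set it.
function storeCookie(setByHost, domainAttr) {
  const origin = setByHost.toLowerCase();
  if (!domainAttr) return { domain: origin, hostOnly: true };
  const domain = domainAttr.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  // A host may only set cookies for itself or a parent domain.
  return domainMatches(origin, domain) ? { domain, hostOnly: false } : null;
}

// Would the browser attach this cookie to a request for requestHost?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
}

// Server side: 301 target for any non-primary host, or null when no redirect
// is needed. The target host is fixed, so the Host header never steers it.
function canonicalRedirect(hostHeader, pathAndQuery) {
  const host = hostHeader.toLowerCase().replace(/:\d+$/, '');
  if (host === PRIMARY_HOST) return null;
  const path = pathAndQuery.startsWith('/') ? pathAndQuery : '/';
  return { status: 301, location: 'https://' + PRIMARY_HOST + path };
}

function demo() {
  const hostOnly = storeCookie('example.com', null);            // login on bare domain
  const widened = storeCookie('example.com', '.example.com');   // explicit Domain attribute
  return {
    hostOnlyOnWww: isSentTo(hostOnly, 'www.example.com'),
    widenedOnWww: isSentTo(widened, 'www.example.com'),
    crossSite: isSentTo(storeCookie('example.com', 'example.net'), 'example.net'),
    redirect: canonicalRedirect('example.com', '/account?tab=1'),
  };
}
console.log(demo());
```

A cookie widened with a Domain attribute is also sent to every other subdomain of example.com, so redirecting to one host keeps the authentication cookie's scope narrower than widening it does.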
