Site devs:
I've been struggling with an issue for weeks in which my active login has been lost after I close and (eventually) reopen my web browser. This has happened on several computers, each running Firefox. When it has occurred, I would re-auth, get the "thanks for logging in" screen, then not be logged in upon the final redirect. I've had to clear my ECF cookies before the login would ever be successful. It hasn't mattered whether or not I clicked "Log Out" prior to closing the browser -- I would still have to purge cookies.
The problem is that whenever I visit ECF, I don't search for it. I don't browse to it. I have been entering "e-cigarette-forum.com/forum" into the address field of my web browser; which brings me to the forums OK, although unable to authenticate until after I've eaten the ECF cookies.
Do you see the source of the problem yet? Perhaps not yet.
Whatever code handles cookie-based authentication is dependent upon the www subdomain. If I enter "www.e-cigarette-forum.com/forum" then voila! I'm magically logged in; whereas if I drop the www and just enter "e-cigarette-forum.com/forum" then I have to clear cookies, etc. The www is necessary but is not enforced.
A possible fix
Force users to www when the subdomain has been omitted. Put something like the following into your .htaccess:
Or you could revisit your authentication code and make it more gracefully handle the truncated host.domain. The .htaccess fix is perhaps easier to implement, IMHO.
Thanks for all you do!
I've been struggling with an issue for weeks in which my active login has been lost after I close and (eventually) reopen my web browser. This has happened on several computers, each running Firefox. When it has occurred, I would re-auth, get the "thanks for logging in" screen, then not be logged in upon the final redirect. I've had to clear my ECF cookies before the login would ever be successful. It hasn't mattered whether or not I clicked "Log Out" prior to closing the browser -- I would still have to purge cookies.
The problem is that whenever I visit ECF, I don't search for it. I don't browse to it. I have been entering "e-cigarette-forum.com/forum" into the address field of my web browser; which brings me to the forums OK, although unable to authenticate until after I've eaten the ECF cookies.
Do you see the source of the problem yet? Perhaps not yet.
Whatever code handles cookie-based authentication is dependent upon the www subdomain. If I enter "www.e-cigarette-forum.com/forum" then voila! I'm magically logged in; whereas if I drop the www and just enter "e-cigarette-forum.com/forum" then I have to clear cookies, etc. The www is necessary but is not enforced.
A possible fix
Force users to www when the subdomain has been omitted. Put something like the following into your .htaccess:
Code:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^e\-cigarette\-forum\.com
RewriteCond %{HTTPS} =on
RewriteRule .* https://www.%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^e\-cigarette\-forum\.com
RewriteCond %{HTTPS} !=on
RewriteRule .* http://www.%{SERVER_NAME}%{REQUEST_URI} [R,L]Thanks for all you do!
