Consistent user authorization across url with/without www


I need to clarify a fundamental concept (beginner here).

In a Django web app I maintain, I notice that if one logs in via going to example.com, they remain logged out on www.example.com (and can then go on to create a clone account).

1) Why does this happen?

2) What's the standard practice to iron out this issue? I.e., give one consistent experience across www and no-www.

In case the answer is as basic as just a redirection, I could use some pointers and an illustrative example there too - I'm using nginx reverse proxy with gunicorn.


There are 1 answers

Aniket Pawar On BEST ANSWER

1) By default, Django cookies are not shared between a www-prepended domain and the non-www domain. Django treats them as different sessions.

2) You can set the PREPEND_WWW setting to redirect your xyz.com to www.xyz.com.

PREPEND_WWW = True 

Or, if you need the same cookie for both of the sites, you can use SESSION_COOKIE_DOMAIN:

SESSION_COOKIE_DOMAIN = ".yoursite.com"
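
The cookie scoping behind both options, as an added example that is not part of the original answer: a small model of the RFC 6265 host-only and domain-match rules, showing which hosts receive the session cookie with and without SESSION_COOKIE_DOMAIN. The function names and hostnames are constructed for illustration, and public-suffix and IP-address handling are left out.

```python
# Added example: models RFC 6265 cookie scoping. Hostnames are constructed.
from dataclasses import dataclass
from typing import Optional


def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: host equals the domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


@dataclass
class StoredCookie:
    domain: str
    host_only: bool  # True when Set-Cookie carried no Domain attribute


def store(setting_host: str, domain_attr: Optional[str]) -> Optional[StoredCookie]:
    """What a browser stores for a Set-Cookie received from setting_host.

    domain_attr plays the role of Django's SESSION_COOKIE_DOMAIN
    (None is Django's default, which emits no Domain attribute).
    """
    if domain_attr is None:
        return StoredCookie(setting_host.lower(), host_only=True)
    domain = domain_attr.lstrip(".").lower()  # a leading dot is ignored
    if not domain_match(setting_host, domain):
        return None  # rejected: the setting host is outside that domain
    return StoredCookie(domain, host_only=False)


def is_sent(cookie: Optional[StoredCookie], request_host: str) -> bool:
    """Would the browser attach this cookie to a request for request_host?"""
    if cookie is None:
        return False
    if cookie.host_only:
        return request_host.lower() == cookie.domain  # exact host only
    return domain_match(request_host, cookie.domain)  # host and all subdomains


if __name__ == "__main__":
    default = store("example.com", None)
    shared = store("example.com", ".example.com")
    for host in ("example.com", "www.example.com", "other.example.com"):
        print(host, "default:", is_sent(default, host), "shared:", is_sent(shared, host))
```

With the shared domain the session cookie is sent to every subdomain, not just www, so redirecting to one canonical host keeps the cookie host-only and scoped to the single site that needs it.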