I need to clarify a fundamental concept (beginner here).
In a Django web app I maintain, I notice that if one logs in via going to example.com
, they remain logged out on www.example.com
(and can then go on to create a clone account).
1) Why does this happen?
2) What's the standard practice to iron out this issue? I.e., give one consistent experience across www
and no-www
.
In case the answer is as basic as just a redirection, I could use some pointers and an illustrative example there too - I'm using nginx reverse proxy with gunicorn.
1 ) Django cookies do not work for same with a prepended www and non-www domain by default.Django considers it as a different sessions.
2) The PREPEND_WWW setting you can set to redirect your xyz.com to www.xyz.com.
or if you need same cookie to both of the sites you can use session_cookie_domain,