Going to a page without "www" in my app causes the page to not load

We've recently run into an issue with our ASP.NET application where if a user goes to ourcompany.com instead of www.ourcompany.com, they will sometimes end up on a page that does not load data from the database. The issue seems to be related to our SSL certificate, but I've been tasked to investigate a way on the code side to fix this.

Here's the specific use case:

There is a user registration page that new users get sent to after they "quick register" (enter name, email, phone). With "www" in the URL (e.g. "www.ourcompany.com") it works fine, 开发者_Python百科they can proceed as normal. However, if they browsed to just "ourcompany.com" or had that bookmarked, when they go to that page some data is not loaded (specifically a list of states from the DB) and, worse, if they try to submit the page they are kicked out entirely and sent back to the home page.

I will go in more detail if necessary but my question is simply if there is an application setting I can say to keep the session for the app regardless of if the URL has the "www" or not? Buying a second SSL cert isn't an option at this point unless there is no recourse, and I have to look at a way to solve this without another SSL.

Any ideas to point me in the right direction?

When your users go to www.ourcompany.com they get a session cookie for the www subdomain. By default, cookies are not shared across subdomains, which is why users going to ourcompany.com do not have access to their sessions.

There is a useful thread discussing this issue here. The suggested solution is:

By the way, I implemented a fairly good fix/hack today. Put this code on every page: Response.Cookies["ASP.NET_SessionId"].Value = Session.SessionID; Response.Cookies["ASP.NET_SessionId"].Domain = ".mydomain.com";

Those two lines of code rewrite the Session cookie so it's now accessible across sub-domains.

Doug, 23 Aug 2005

Surely you are trying to solve the wrong problem?

Is it possible for you to just implement URL rewriting and make it consistent?

So for example, http://example.com redirects to http://www.example.com ?

For an example of managing rewriting see:

http://paulstack.co.uk/blog/post/iis-rewrite-tool-the-pain-of-a-simple-rule-change.aspx

From the browsers point of view, www.mysite.com is a different site than mysite.com.

If you have a rewrite engine, add a rule to send all requests to www that don't already have it.

Or (this is what I did) add a separate IIS site with the "mysite.com" host header and set the IIS flag to redirect all traffic to www.

In either of these cases, any time a browser requests a page without the www prefix, it will receive a redirect response sending it to the correct page.

Here's the redirect site home directory properties:

And the relevant host header setting:

This fixes the issue without requiring code changes, and incidentally prevents duplicate search results from Google etc.

Just an update, I was able to fix the problem with a web.config entry:

<httpCookies domain=".mycompany.com" />

After adding that, the problem went away.