Django login cookies for Subdomains with underscores broken in IE8?
In my Django login I always rewrite a logged in users url to have their username in it. So if the username is "joe" I rewrite the url to be 开发者_如何学编程"joe.example.com". This works great except on IE8 for usernames with underscores like "joe_schmoe". IE8 won't login the users when the url is like: "joe_schmoe.example.com". In my settings file I have wildcard subdomains for example.com turned on.
Is this a bug in IE8 or django? How can I work around it other than removing all underscores from usernames?
It's an IE issue. IBM Lotus Sametime has a support page about this:
Error "Cookies are not enabled" in Internet Explorer if underscore in the hostname
This error message is displayed when using Internet Explorer 5.5 and 6.0 or later with the Microsoft Patch MS01-055 (or a Service Pack that also includes this patch). When Internet Explorer is updated, it then becomes compliant with Request for Comments (RFC) 952, which defines and restricts host and domain naming conventions. This compliance is to avoid certain security vulnerabilities with session cookies [...]
You can read more (including reference to Microsoft's Knowledge Base Article and RFC 952) on the above-mentioned support page.
I know that LiveJournal always rewrite such usernames using dash, so "joe-schmoe". I think they do it on purpose :)
I suspect the same is true if the hostname has four parts instead of three -- we have no trouble with sitename.ourdomain.net , but IE8 for one customer is refusing cookies coming from test.sitename.ourdomain.net . But I can't reproduce it on other IEs yet.
精彩评论