webdiplomacy.net

Hi,

I am seeing in some scenarios the session cookie(s) getting lost...and I am being shown as logged out. For instance if I go here to look at the championship crown game series:

http://www.webdiplomacy.net/contrib/php ... p?f=7&t=85

And I click on one of the games it shows me as logged out. Is this just me...or are other people seeing this as well?

Of course if I go back and continue to browse the site (e.g. click home from the "championship crown series" page) then my user is still there.

I think this happens when you go from the www subdomain to the top level domain or vice-versa.

Surely the cookies should be set on "/"? Perhaps I need to get out the wireshark.

Check that you're logged in both to webdiplomacy.net and www.webdiplomacy.net.

I think most sites redirect to one or the other, whereas we don't. It's definitely a little weird, but such is life.

OK, this is a bug then. You should be able to use one cookie across www.webdiplomacy.net and webdiplomacy.net:

https://stackoverflow.com/questions/184 ... and-domain

i.e. we should be able to do in the webdip code:

Set-Cookie: JSESSIONID=xxx; domain=webdiplomacy.net

which will work across both domains (RFC 6265).

Thanks for the link! I've created the bug report here: https://github.com/kestasjk/webDiplomacy/issues/284