Level 2
- Should we add both domains in session_set_cookie_params ? Or Laravel do it dynamically ?
- Should we redirect non-www to www in .htaccess ? Or Laravel do it dynamically ?
Thanks
Jul 23, 2015
3
Level 2
Data lost on www and non-www
Hello, I'm using Laravel 5.1 the latest version and I discovered that the www. and non-www can caused session and Auth lost I tested this on two hosts one with SSL . So when I tried to login and change host from www to non-www I see that I'm not logged and while its on www logged . I tried to change request header but nothing happened .
Any Idea their ? Bitcoin Boy.
Level 75
See if this post helps https://laracasts.com/discuss/channels/forge/www-not-working-on-letsencrypt-ssl
Level 54
if you want sessions to work corrrectly on both www and non-www version of the same domain I believe the cookie's domain has to be set as .domain.com
As for SSL, your cert would specifically need to support both if you want to be able to secure both. Personally, I redirect all traffic to the non-www version of my site as part of my vhost config and never allow any traffic to get through on www.domain anywhere. the www subdomain is pretty passe these days, and is being phased out as far as I can tell. It's really just unnecessary :)
Please or to participate in this conversation.