: Shifting from no-www to www and browsers' password storage I created a website having user-registration system and invited my friend to join it. I gave him the link of no-www version: http://mydomain.com

@Nimeshi995

This is a limitation of the browser software and not that of your website, a browser will store passwords for an exact match URL which means if they visit the www site then that's where the password will be saved for, this is the same case for 'most' cookie based sessions.

Enforcing www

You can prevent this problem reoccurring by enforcing www in the URL address, this means no one will ever be able to visit the site without www and if they do it will redirect them to the correct address - meaning that saved passwords and sessions based cookies will be saved only for the correct URL preventing any problems.

There are many ways of how you can enforce www and this is one common solution using Apache with mod_rewrite:


SOURCE: What are the most commonly used and basic Apache htaccess redirects

Catch all and redirect non-www to www

You should opt to use mod_write for redirecting all requests for non
www versions of your site because the varible will catch page
names, so example.com/page1/ will automaticly redirect to
example.com/page1/.
mod_rewrite:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www. RewriteRule ^(.*)$ www.%{HTTP_HOST}/ [R=301,L]



People with saved passwords

You may find that you have to ask your site visits to clear their saved cookies and forms within the browser they are using should any further problems occur.

Vote Up Vote Down