Closed Bug 507756 Opened 15 years ago Closed 15 years ago

getpersonas.com and www.getpersonas.com don't share PERSONA_USER cookie

Categories

(Websites Graveyard :: getpersonas.com, defect)

Product:
Websites Graveyard
Component:
getpersonas.com
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: myk, Assigned: zandr)

References

Details

getpersonas.com and www.getpersonas.com don't share the PERSONA_USER cookie they set to specify that a user is signed in, which means that a user can be signed in at one of those domains while not being signed in at the other.

That seems like a wonky user experience, and it can make it more cumbersome to implement certain features in the extension (like bug 505846).

One fix would be to set a domain cookie (.getpersonas.com) instead of a host cookie (getpersonas.com or www.getpersonas.com).  That'll require a change to the way bug 505846 is implemented, although it shouldn't be hard.

The simplest fix would be to redirect getpersonas.com to www.getpersonas.com.  Then the client code can assume that users are always on www.getpersonas.com when they authenticate and access the cookie only from that host.
I vote for redirection.
Agree. Assigning to Zandr for when he gets back.
Assignee: nobody → zandr
Blocks: 519615
OK, this is fixed with a TrafficScript that 301s to www.getpersonas.com
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Verified, FIXED.
getpersonas.com get redirected to www.getpersonas.com
Verified on Mac/Win/Linux
Status: RESOLVED → VERIFIED
Product: Websites → Websites Graveyard
You need to log in before you can comment on or make changes to this bug.