If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

getpersonas.com and www.getpersonas.com don't share PERSONA_USER cookie

VERIFIED FIXED

Status

Websites Graveyard
getpersonas.com
VERIFIED FIXED
8 years ago
4 years ago

People

(Reporter: myk, Assigned: zandr)

Tracking

Details

(Reporter)

Description

8 years ago
getpersonas.com and www.getpersonas.com don't share the PERSONA_USER cookie they set to specify that a user is signed in, which means that a user can be signed in at one of those domains while not being signed in at the other.

That seems like a wonky user experience, and it can make it more cumbersome to implement certain features in the extension (like bug 505846).

One fix would be to set a domain cookie (.getpersonas.com) instead of a host cookie (getpersonas.com or www.getpersonas.com).  That'll require a change to the way bug 505846 is implemented, although it shouldn't be hard.

The simplest fix would be to redirect getpersonas.com to www.getpersonas.com.  Then the client code can assume that users are always on www.getpersonas.com when they authenticate and access the cookie only from that host.
I vote for redirection.
Agree. Assigning to Zandr for when he gets back.
Assignee: nobody → zandr
(Assignee)

Updated

8 years ago
Blocks: 519615
(Assignee)

Comment 3

8 years ago
OK, this is fixed with a TrafficScript that 301s to www.getpersonas.com
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Verified, FIXED.
getpersonas.com get redirected to www.getpersonas.com
Verified on Mac/Win/Linux
Status: RESOLVED → VERIFIED
Component: getpersonas.com → getpersonas.com
Product: Websites → Websites Graveyard
You need to log in before you can comment on or make changes to this bug.