Django user session discrepancy across subdomains pointing to the same DNS name

Django user session discrepancy across subdomains pointing to the same DNS name,django,azure,dns,no-www,Django,Azure,Dns,No Www,I maintain a Python/Django web app where users can authenticate and log in. I've noticed that if I log into my app at example.com, I'm still logged out at www.example.com! This behavior replicates on all major browsers (Firefox, Chrome, etc). It seems session information is not being maintained between these addresses? I'm perplexed. Why could this be happening? My DNS name was procured from Azure. E.g. example.cloudapp.net. I use a DNS management service called Hurricane Electric to map ex

I maintain a Python/Django web app where users can authenticate and log in. I've noticed that if I log into my app at

example.com
, I'm still logged out at
www.example.com
!

This behavior replicates on all major browsers (Firefox, Chrome, etc). It seems session information is not being maintained between these addresses? I'm perplexed. Why could this be happening?


My DNS name was procured from Azure. E.g.

example.cloudapp.net
. I use a DNS management service called Hurricane Electric to map
example.com
and
www.example.com
to this DNS name. Specifically, in Hurricane Electric I've created CNAME records where the hostname is the azure-provided DNS name, and the name is the web address I want to associate with it (along with a TTL). That's about all I've done.

PROPOSED FIX: in my DNS management system, should I route

www.example.com
to
example.com
intead of
example.cloudapp.net
?


Note: Explored whether this SO answer can solve my problem. It ostensibly does, but a known issue is losing all session information - and I do NOT want that.


#1

Yeah, the answer you linked is probably the reason you are having trouble. Your authentication cookie is probably set to a single domain. You can confirm this from your F12 tools.

#2

I'm somewhat confused about how to set the cookie to multiple (sub)domains. I.e. shouldn't I set it to the original host example.cloudapp.net that example.com and www.example.com are pointing to? OR should I set the SESSION_COOKIE_DOMAIN to .example.com and be done with it?

#3

Added some new information to the question.

#4

Yeah, the answer you linked is probably the reason you are having trouble. Your authentication cookie is probably set to a single domain. You can confirm this from your F12 tools.

#5

I'm somewhat confused about how to set the cookie to multiple (sub)domains. I.e. shouldn't I set it to the original host example.cloudapp.net that example.com and www.example.com are pointing to? OR should I set the SESSION_COOKIE_DOMAIN to .example.com and be done with it?

#6

Added some new information to the question.