It is important to be careful of site naming conventions within protected areas to make the user experience as smooth as possible. In particular, even if you have set both www.example.com and example.com to refer to the same server, it important that links within protected areas be consistently named with one server name, or identified without the server name by path only. This arises because of the way browsers interpret the application of cached credentials as they encounter requests. www.example.com and example.com will not be considered to be the same server by the browser, and it will ask for credentials a second time. This is harmless, however, it is disconcerting to users who know they are already logged in and do not expect further login prompts.
Access to User Names and Session State
table of contents
full printable document
all rights reserved
design - eggworx.com