For the past week or so, I’ve received several emails from visitors saying that they weren’t able to login to my password protected posts. I had them clear their cookies, etc etc. but still did not work. Today I had one of them tell me that they noticed if they visited WITHOUT the ‘www’ it worked, but if they visited WITH the ‘www’ it didn’t work. Under ‘options’, my blog url is WITHOUT the www. I changed it to WITH the www, and the opposite happened (WITH worked, WITHOUT didn’t)
So.. there seems to be an issue with cookies. Anyone else having this problem? I have version 1.5.2.. everything else seems to be fine…
Confirmed this on my own site, I had to remove my htaccess though which is redirecting links with www (and thus automatically brought me to the proper page when I typed in the password). Guess I’m glad I have that now.
WordPress generates a unique token for the password and comment cookies, using the site name. So if someone visits http://www.example.com, but the site is configured to use just example.com, the cookie won’t match correctly.
Mark’s one permalink only plugin might help you solve this problem. It will redirect people to the site url you defined in Options, so that everyone always uses www or no-www, as you prefer.