Underscores in URLs Considered Harmful
September 2nd, 2008
Did you know that the ”_” (underscore) character is prohibited in URLs host names? I didn’t, until just a few minutes ago.
The problem began when a Donor Tools customer signed up for a new account with a subdomain like “demo_organization”. So their web address would have been http://demo_organization.donortools.com
. It worked fine for me, but they could not sign in no matter what they tried. We went back and forth with support emails trying to figure out what was going on – I could access their web address and every other web address on the system with no problem. But as soon as they tried to sign in on their end: boom, error. (Customer was using Internet Explorer)
I quickly traced the difficulty down to a cookie error. Using a little creative cookie sniffing, I set up an error message on the signin form, so if you go to https://demo.donortools.com/admin
with cookies turned off (or with a restrictive privacy policy), you’ll be warned to turn on your cookies. So I instructed the customer how to turn on their cookies, loosen their privacy settings, etc. All to no avail – they could still not sign in.
Finally it hit me: this was the only account we had that used an underscore in their web address. Could that be it? A quick google got me this page: http://support.microsoft.com/kb/909264, which referen