Did you know that the ”_” (underscore) character is prohibited in URLs host names? I didn’t, until just a few minutes ago.

The problem began when a Donor Tools customer signed up for a new account with a subdomain like “demo_organization”. So their web address would have been http://demo_organization.donortools.com. It worked fine for me, but they could not sign in no matter what they tried. We went back and forth with support emails trying to figure out what was going on – I could access their web address and every other web address on the system with no problem. But as soon as they tried to sign in on their end: boom, error. (Customer was using Internet Explorer)

I quickly traced the difficulty down to a cookie error. Using a little creative cookie sniffing, I set up an error message on the signin form, so if you go to https://demo.donortools.com/admin with cookies turned off (or with a restrictive privacy policy), you’ll be warned to turn on your cookies. So I instructed the customer how to turn on their cookies, loosen their privacy settings, etc. All to no avail – they could still not sign in.

Finally it hit me: this was the only account we had that used an underscore in their web address. Could that be it? A quick google got me this page: http://support.microsoft.com/kb/909264, which references RFC 1123:

In DNS computer names, use only the characters that are listed in RFC 1123. These characters include A–Z, a–z, 0–9, and the hyphen (-). In Windows Server 2003, DNS allows most UTF-8 characters in names. However, do not use extended ASCII or UTF-8 characters unless all the DNS servers in your environment support them.

Internet Explorer was choking on the underscore character! It would access the web address like normal, but for whatever reason, it was blocking cookies from that address. Voila! A quick change of the web address from ”_” to ”-” solved the problem.

So, for future reference, if your site requires Cookies, default to the least common denominator, Internet Explorer, and constrain web addresses to [a-z0-9-]*.