Erik

Reputation: 14750

How to configure an application to make a cookie available to subdomains?

I need to share a session cookie between the main domain and all subdomains. I have two Node.js services based on the Express.js framework:

// example.local

    ...
    app.use(session({
       cookie: {
          domain: "example.local"
       }
       , key: 'sid'
       , secret: '[my secret]'
       , saveUninitialized: true
       , resave: true
       , store: new RedisStore({
          host: 'localhost',
          port: 6379
       })
    })); 

// blog.example.local

    ...
    app.use(session({
       // what should I write here? <---------
    })); 

So my question is: what should I write in the session configuration of blog.example.local to get access to the existing cookie of example.local?

EDIT: as @yeiniel suggested, I should just use the same config for blog.example.local, like the following:

// blog.example.local

    ...
    app.use(session({
       cookie: {
          domain: "example.local"
       }
       , key: 'sid'
       , secret: '[my secret]'
       , saveUninitialized: true
       , resave: true
       , store: new RedisStore({
          host: 'localhost',
          port: 6379
       })
    })); 

Is it enough, or can I optimize it?

Upvotes: 9

Views: 183

Answers (3)

Lalit Goswami

Reputation: 816

I think your cookie attribute in the middleware should be like this:

    cookie: {
        domain: ".example.local",
        path: '/'
    }

for blog.example.local, and

    cookie: {
        domain: "example.local",
        path: '/'
    }

for example.local.

Hope this works for you.

Upvotes: 2

mayankbatra

Reputation: 2678

I am currently managing a similar setup. All apps have the same settings for session:

    app.use(session({
        store: redisStore,
        secret: config.secret,
        resave: true,
        rolling: true,
        saveUninitialized: false,
        name: config.cookie_name,
        cookie: {
            domain: config.cookie_domain_name, // .website.tld
            secure: false
        }
    }));

You will not be able to use localhost to keep your session data, especially if the apps are on different servers. You will need a central storage for session data, which all apps can access.

Upvotes: 1

yeiniel

Reputation: 2456

Basically you need two things: use the same settings on all servers (not just the cookie settings but all the session settings, including the store) and ensure the cookie domain configuration points to the common domain between the sites.

Upvotes: 6
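
The two requirements in the answer above, as an added example that is not code from the thread: one shared options object for every service, plus a simplified model of RFC 6265 domain matching that shows which hosts receive the cookie. The function names, the `https` parameter and the hardening attributes (`httpOnly`, `secure`, `sameSite`) are assumptions of this example.

```javascript
// Added example, not code from the thread. Names and values are illustrative.

// One options object that every service passes to express-session's session().
function sharedSessionOptions(store, secret, https) {
  return {
    name: 'sid',
    secret,                      // identical on every service
    store,                       // one store that all services can reach
    resave: false,               // assumption: the store implements touch()
    saveUninitialized: false,    // no session cookie for anonymous visitors
    cookie: {
      domain: 'example.local',   // common parent domain of all the sites
      path: '/',
      httpOnly: true,            // cookie is not readable from page scripts
      secure: https,             // true when the sites are served over HTTPS
      sameSite: 'lax',
    },
  };
}

// RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it.
function domainMatch(host, domain) {
  const isIp = /^\d+(\.\d+){3}$/.test(host) || host.includes(':');
  return host === domain || (!isIp && host.endsWith('.' + domain));
}

// Would a browser send a cookie set by setByHost to requestHost?
// Simplified: public-suffix rejection, Path, Secure and expiry are not modelled.
function cookieSentTo(requestHost, setByHost, domainAttr) {
  requestHost = requestHost.toLowerCase();
  setByHost = setByHost.toLowerCase();
  if (!domainAttr) return requestHost === setByHost;   // host-only cookie
  // RFC 6265 section 5.2.3: a leading dot in the attribute is ignored.
  const domain = domainAttr.toLowerCase().replace(/^\./, '');
  if (!domainMatch(setByHost, domain)) return false;   // browser rejects it
  return domainMatch(requestHost, domain);
}

const domainAttr = sharedSessionOptions(null, 'constructed-secret', true).cookie.domain;
for (const host of ['example.local', 'blog.example.local', 'notexample.local']) {
  console.log(host, cookieSentTo(host, 'example.local', domainAttr));
}
```

Every host under example.local receives this cookie, so any service running on a subdomain can read the session id.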
