gokan

Reputation: 1078

Set cookie from subdomain A for subdomain B

From http://subdomain-a.my-site.com:3000, I make a cross-domain XHR (Ajax) call to http://subdomain-b.my-site.com.

My jQuery client has the following settings (for testing purposes):

The Nginx server has been configured to add the following headers in the response:

Access-Control-Allow-Origin: http://subdomain-a.my-site.com:3000
Access-Control-Allow-Credentials: true

The HTTP Response also contains some Set-Cookie headers with the following domains:

Observation:

Question => Am I trying to do something possible or impossible? If it's possible, did I miss some configuration?

Constraint: I know there's an alternative solution, like Google Analytics does for setting cookies (it calls a service, then sets the cookie from the embedded JS in your page), but we have a lot of front apps and cannot update them to do this trick. Our solution is to use nginx.

Upvotes: 2

Views: 3178

Answers (1)

gokan

Reputation: 1078

It's possible. I missed the following configuration:

withCredentials = true is wrong; xhrFields: {withCredentials: true} was the solution.

About the HTTP Response, we have the following Set-Cookie headers:

Set-Cookie: authtoken=value; Path=/; HttpOnly
Set-Cookie: authtoken=value; Domain=.my-site.com; Path=/; HttpOnly

Now, if you go to subdomain-b.my-site.com and open the cookies tab, you'll see an authtoken cookie with the subdomain-b.my-site.com domain. This was tested with Chrome, Firefox and Safari.

Note: crossDomain = true is unnecessary, because our XHR HTTP Response returns Access-Control-Allow-Origin: http://subdomain-a.my-site.com:3000. But xhrFields: {withCredentials: true} is mandatory with jQuery.

Upvotes: 3
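
The following is an added example, not code from the question or the answer: a simplified JavaScript model of why the top-level withCredentials setting had no effect in jQuery, and of the CORS check the browser applies to the Nginx headers shown above. The function names, the settings objects and the wildcard header variant are assumptions constructed for illustration.

```javascript
// Simplified model (added example): how jQuery maps $.ajax settings onto the
// native XHR, and the browser's CORS check for the response headers on this page.
const PAGE_ORIGIN = "http://subdomain-a.my-site.com:3000";

// jQuery copies only the keys under `xhrFields` onto the XMLHttpRequest object;
// a top-level `withCredentials` key in the settings is never applied to it.
function buildXhr(settings) {
  const xhr = { withCredentials: false }; // native default
  Object.assign(xhr, settings.xhrFields || {});
  return xhr;
}

// CORS check as defined by the Fetch standard for a cross-origin response.
function corsCheck(origin, xhr, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  const allowCreds = headers["access-control-allow-credentials"];
  if (!xhr.withCredentials) {
    // No cookies sent, Set-Cookie ignored; "*" or the exact origin is enough.
    return { credentialsIncluded: false,
             responseReadable: allowOrigin === "*" || allowOrigin === origin };
  }
  // Credentialed: wildcard is rejected, and the flag must be the literal "true".
  return { credentialsIncluded: true,
           responseReadable: allowOrigin === origin && allowCreds === "true" };
}

function simulate(settings, headers) {
  return corsCheck(PAGE_ORIGIN, buildXhr(settings), headers);
}

// Response headers as configured in Nginx on this page.
const nginxHeaders = {
  "access-control-allow-origin": PAGE_ORIGIN,
  "access-control-allow-credentials": "true",
};
// Constructed variant: a wildcard origin, which breaks credentialed requests.
const wildcardHeaders = { ...nginxHeaders, "access-control-allow-origin": "*" };

const wrongSettings = { withCredentials: true };                // ignored by jQuery
const rightSettings = { xhrFields: { withCredentials: true } }; // applied to the XHR

console.log(simulate(wrongSettings, nginxHeaders));
console.log(simulate(rightSettings, nginxHeaders));
console.log(simulate(rightSettings, wildcardHeaders));
```

With the wrong setting the request still succeeds, which is why the mistake is easy to miss: the response is readable but no cookie is stored. Keeping Access-Control-Allow-Origin pinned to the exact origin, as the Nginx configuration does, is also what limits which sites can make credentialed calls.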
