Allow setting the domain of the cookie to change its scope

atinux / nuxt-auth-utils

Add Authentication to Nuxt applications with secured & sealed cookies sessions.

MIT License

976 stars 91 forks source link

Allow setting the domain of the cookie to change its scope #100

Closed genu closed 2 months ago

genu commented 5 months ago

I'm working on a project that has subdomains. I'd like to have the auth cookie be acessible by the parent domain as well as all subdomains.

In order for this to be possible, the cookie domain needs to be set with a preceeding dot in order to scope it to include sub domains.

For example, currently the cookie is always scope to the parent domain: example.com but I would like to be able to scope it to all subdomains instead by setting the cookie domain to: .example.com

DavidDeSloovere commented 3 months ago

H3 is responsible for the session and cookie. You might be able to configure the cookie options like this:

export default defineNuxtConfig({
  runtimeConfig: {
    session: {
      {
        cookie: {
          domain: '.example.com'
        }
      }
    }
  }
})

genu commented 3 months ago

Thanks for the suggestion, but I believe the domain property also needs to be supported in this module as well so the configuration can be passed it:

CleanShot 2024-08-07 at 23 33 04@2x

Its true, that I should be able to pass in the domain to h3 cookie, tghough

DavidDeSloovere commented 3 months ago

I just tested it and seems to work. After running the red squiggle was gone for some reason.

Edit: You should also be able to use ENV variable.