Closed panteluke closed 9 years ago
mark-bradshaw
commented
9 years ago Hi. The default hapi cookie configuration for domain is null, which I believe would allow the browser to store the cookie with whatever domain it originates from. So I would've expected that this would have not been an issue at all. Are you actually seeing an issue, or just wondering if you will run into one?
panteluke
commented
9 years ago To be honest, if I remember correctly, the browser would not accept the cookie if the domain was null. That was the reason that I had to set domain in the first place.
mark-bradshaw
commented
9 years ago Try unsetting it, and see what happens in browser.
panteluke
commented
9 years ago If you unset it, then there's no cookie set in the browser (I'm checking Resources panel of chrome). I forgot to mention that in my case the calls from the browser are through ajax and i'm accessing api.example.com from web.example.com. Now, the even weirdest thing is that session works! At every request/response the cookie headers are there.
panteluke
commented
9 years ago OK. If I trick the browser and open a tab for api.example.com, then I can see the cookie there (in the Resources panel). So I suppose, this is not an issue.
mark-bradshaw
commented
9 years ago Very good.
lock[bot]
commented
4 years ago This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.
Hi guys,
just one small question. I have a server running which listens on 2 different urls. I'm using yar for my sessions. But it's critical to use the respective domain for cookies depending on where the request comes from. I can see that you setup your domain used for cookies in your configuration object. So, is it possible to assign this per request? Or is it something related to hapijs?