Open mvtcode opened 8 years ago
I'd also be interested in this -- I'm trying to find an answer for this exact situation as well.
Subdomains generally do not exchange cookies. Subdomains are similar but different domains and are treated as such.
While it's probably hackable, this isn't an issue node-client-sessions's code can solve.
Untested, but because this depends on cookies, you should be able to pass the domain option to set a domain-wide cookie (ex. .github.com instead of subdomain.github.com).
Untested proposal:
app.use(sessions({
  cookieName: 'mySession', // cookie name dictates the key name added to the request object
  secret: 'blargadeeblargblarg', // should be a large unguessable string
  duration: 24 * 60 * 60 * 1000, // how long the session will stay valid in ms
  cookie: {
    domain: '.github.com',
    path: '/api', // cookie will only be sent to requests under '/api'
    maxAge: 60000, // duration of the cookie in milliseconds, defaults to duration above
    ephemeral: false, // when true, cookie expires when the browser closes
    httpOnly: true, // when true, cookie is not accessible from javascript
    secure: false // when true, cookie will only be sent over SSL. use key 'secureProxy' instead if you handle SSL not in your node process
  }
}));
Update: https://github.com/mozilla/node-client-sessions/issues/93 appears to confirm
I want subdomains to have access to the session. How should I configure this?
E.g.: I create a session at domain abc.com, and I want to access the session at domain name 1.abc.com or 2.abc.com (*.abc.com).
Thanks!
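Added example (not part of the original thread and not client-sessions code): a small model of RFC 6265 domain matching that shows which hosts a browser sends the session cookie to, with and without the domain option discussed above. The function names are hypothetical, host names other than abc.com, 1.abc.com and 2.abc.com are constructed, and the public-suffix check real browsers apply is left out.

```javascript
// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when the two
// are equal, or when the host ends with "." + domain and is not an IP address.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + cookieDomain);
}

// Model how a browser stores a cookie set by originHost.
// domainAttr is the value given as cookie.domain (undefined = host-only cookie).
function storeCookie(originHost, domainAttr) {
  if (!domainAttr) return { domain: originHost.toLowerCase(), hostOnly: true };
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot is ignored
  // A server may only set a cookie for its own host or a parent domain.
  if (!domainMatch(originHost, domain)) return null; // rejected by the browser
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for requestHost?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// List the hosts that receive a cookie set by originHost with domainAttr.
function scope(originHost, domainAttr, hosts) {
  const cookie = storeCookie(originHost, domainAttr);
  return hosts.filter((h) => isSentTo(cookie, h));
}

// Constructed host list: the three names from the question plus two look-alikes.
const HOSTS = ['abc.com', '1.abc.com', '2.abc.com', 'notabc.com', 'abc.com.example.net'];

console.log(scope('abc.com', undefined, HOSTS));      // [ 'abc.com' ]
console.log(scope('abc.com', '.abc.com', HOSTS));     // [ 'abc.com', '1.abc.com', '2.abc.com' ]
console.log(scope('1.abc.com', '.2.abc.com', HOSTS)); // [] (sibling domain, cookie rejected)
```

With the domain-wide setting, every host under abc.com receives the session cookie, so each of those hosts has to be trusted with it.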