mozilla / node-client-sessions

secure sessions stored in cookies
Mozilla Public License 2.0

subdomain #108

Open mvtcode opened 8 years ago

mvtcode commented 8 years ago

I want subdomains to be able to access the session. How do I configure this?

E.g.: I create a session at domain abc.com, and I want to access the session at domain name 1.abc.com or 2.abc.com (*.abc.com)

Thanks!

compoundf commented 8 years ago

I'd also be interested in this -- I'm trying to find an answer for this exact situation as well.

ghost commented 8 years ago

Subdomains generally do not exchange cookies. Subdomains are similar but different domains and are treated as such.

While it's probably hackable, this isn't an issue node-client-sessions's code can solve.

gswalden commented 7 years ago

Untested, but because this depends on cookies, you should be able to pass the domain option to set a domain-wide cookie (ex. .github.com instead of subdomain.github.com).

Untested proposal:

app.use(sessions({
  cookieName: 'mySession', // cookie name dictates the key name added to the request object
  secret: 'blargadeeblargblarg', // should be a large unguessable string
  duration: 24 * 60 * 60 * 1000, // how long the session will stay valid in ms
  cookie: {
    domain: '.github.com',
    path: '/api', // cookie will only be sent to requests under '/api'
    maxAge: 60000, // duration of the cookie in milliseconds, defaults to duration above
    ephemeral: false, // when true, cookie expires when the browser closes
    httpOnly: true, // when true, cookie is not accessible from javascript
    secure: false // when true, cookie will only be sent over SSL. use key 'secureProxy' instead if you handle SSL not in your node process
  }
}));

Update: https://github.com/mozilla/node-client-sessions/issues/93 appears to confirm
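Added example (not part of the thread and not node-client-sessions code): a small model of the RFC 6265 domain and path matching rules, showing which requests receive the session cookie with and without the `domain` option from the proposal above. The function names are hypothetical, `evil-abc.com` is a constructed host, the `'/'` default path is an assumption, and public-suffix rejection is not modelled.

```javascript
// Added example: RFC 6265 matching rules, not node-client-sessions code.
// Hosts are the thread's abc.com names; evil-abc.com is constructed.

// Section 5.1.3: host equals the domain, or ends with "." + domain.
// IP-address hosts may only match exactly.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Section 5.1.4: cookie path must be the request path or a whole-segment prefix.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Would a browser attach a cookie set by `setBy` with these options
// (opts.domain / opts.path mirror the cookie options in the proposal)?
function wouldSend(setBy, opts, requestHost, requestPath) {
  const path = opts.path || '/'; // assumed default when no path is given
  if (!opts.domain) {
    // No Domain attribute: host-only cookie, exact host match required.
    const sameHost = requestHost.toLowerCase() === setBy.toLowerCase();
    return sameHost && pathMatch(requestPath, path);
  }
  const d = opts.domain.replace(/^\./, ''); // leading dot is ignored (5.2.3)
  // The browser drops the cookie if the setting host is outside the domain.
  if (!domainMatch(setBy, d)) return false;
  return domainMatch(requestHost, d) && pathMatch(requestPath, path);
}

// Compare the host-only default with the domain-wide setting from the proposal.
const requests = [['abc.com', '/api'], ['1.abc.com', '/api/me'],
                  ['1.abc.com', '/'], ['evil-abc.com', '/api']];
for (const [host, path] of requests) {
  console.log(host + path, {
    hostOnly: wouldSend('abc.com', { path: '/api' }, host, path),
    domainWide: wouldSend('abc.com', { domain: '.abc.com', path: '/api' }, host, path)
  });
}
```

With `domain` set, every host under abc.com receives the session cookie, so the session is only as trustworthy as the least trusted subdomain. The `path: '/api'` line in the proposal also keeps the cookie off any request outside `/api`.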