nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License
1.92k stars 924 forks

Set cookie domain to all subdomains by default not working as stated in the docs #1042

Open phips28 opened 3 years ago

phips28 commented 3 years ago

Version

module: ^4.9.1
nuxt: 2.14.5

In the docs (https://auth.nuxtjs.org/api/options#cookie) it says:

domain - domain (and by extension subdomain/s) where the cookie is visible. Default is domain and all subdomains.

But that's not true: it does not default to all subdomains (.domain.com), instead it sets the full domain www.domain.com.

What is expected?

set cookie on domain .domain.com by default, not the full domain

What is actually happening?

set cookie on www.domain.com

existe-deja commented 3 years ago

I made some extra tests because I don't fully understand how to manage cookies.

I modified my hosts file with

127.0.0.1 localhost test.localhost

I ran two instances of the same project via:

# term 1
$ yarn dev
# term 2
$ HOST=test.localhost PORT=2222 yarn dev

On both instances I can reach the app through localhost or test.localhost. I think HOST=test.localhost is not taken into consideration but anyway.

If I log in on localhost:

If I log in on test.localhost:

Once the right cookies are set, the auth reconstructs everything and works fine. But subdomains can't access the parent's cookies and vice versa.

So questions are:

viralpatel380 commented 2 years ago

Here is a workaround: create a middleware and add it to the route object in nuxt.config.js

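// Nuxt middleware: mirror the auth token into a cookie scoped to the parent domain
export default function ({ $auth, $cookies }) {
  if ($auth.loggedIn) {
    // Logged in: copy the 'local' strategy token so every subdomain can read it
    const token = $auth.getToken('local')
    $cookies.set('lupower', token, {
      domain: '.letsupgrade.in'
    })
  } else {
    // Logged out: overwrite the shared cookie with false
    $cookies.set('lupower', false, {
      domain: '.letsupgrade.in'
    })
  }
}

R-Pin3da commented 2 years ago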

Same issue here. I have to specify it for each environment.

cookie: { prefix: 'auth_', options: { expires: 365, domain: process.env.COOKIES_DOMAIN } }
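
Added example (not part of the thread and not auth-module's code): a simplified model of RFC 6265 cookie scoping, showing why a cookie set without a Domain attribute stays on www.domain.com while Domain=.domain.com reaches every subdomain. The function names and sample hosts are assumptions made for illustration, and the public-suffix check that browsers also apply is not modelled.

```javascript
// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // Suffix match only on a label boundary, never for IP literals.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Model of the cookie a browser stores for a Set-Cookie received from
// `setByHost`. `domainAttr` is the Domain attribute, undefined when omitted.
function storeCookie(setByHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, tied to exactly this host.
    return { domain: setByHost.toLowerCase(), hostOnly: true };
  }
  // A leading dot in the attribute value is ignored (section 5.2.3).
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  // The setting host must itself domain-match, else the cookie is rejected.
  if (!domainMatch(setByHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the browser attach the stored cookie to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (!cookie) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Hosts from `hosts` that would receive the cookie.
function visibility(setByHost, domainAttr, hosts) {
  const cookie = storeCookie(setByHost, domainAttr);
  return hosts.filter((h) => isSentTo(cookie, h));
}

// Constructed sample hosts; notdomain.com checks the label boundary.
const hosts = ['domain.com', 'www.domain.com', 'app.domain.com', 'notdomain.com'];
console.log(visibility('www.domain.com', undefined, hosts));     // Domain omitted
console.log(visibility('www.domain.com', '.domain.com', hosts)); // explicit Domain
console.log(visibility('www.domain.com', '.other.com', hosts));  // rejected
```

Setting Domain to the parent domain makes the auth cookie available to every subdomain, so scope it that wide only when all subdomains are equally trusted.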