supertokens / supertokens-node

Node SDK for SuperTokens core
https://supertokens.com

Sharing cookies between multiple subdomains on localhost #548

Open aarepuu opened 1 year ago

aarepuu commented 1 year ago

What is the issue: Hello. I'm trying to test sharing cookies between multiple subdomains on my local machine with a self-hosted SuperTokens instance, following the guides in the documentation (share-sessions-across-sub-domains and multiple-api-endpoints), but I'm not able to achieve the desired outcome.

I have an auth UI (a Vue.js app) exposed on http://localhost:3030 and an application UI (also a Vue.js app) exposed on http://localhost:3010. The application UI also supports subdomains, for example http://demo.localhost:3010. Then I have an auth API (a Nest.js app) set up for SuperTokens auth exposed on http://localhost:3001.

It is working as expected if I log in via the auth UI and then use the application UI on http://localhost:3010. However, if I use the application UI on a subdomain, e.g. http://demo.localhost:3010, whilst already being logged in via the auth UI, I am getting back "doesSessionExist: access token does not exist locally" from the auth API.

Also, looking at the cookies in the dev console: for http://demo.localhost:3010 the domain of the st-last-access-token-update cookie is demo.localhost, and for http://localhost:3010 the domain is localhost.

I'm wondering if my SuperTokens configuration is not correct, or whether it's not possible to test this on localhost without changing the /etc/hosts file and/or redirecting ports (or using some sort of reverse-proxy setup), or whether I have missed something obvious?

What do my configurations look like: The SuperTokens init in both frontend applications is as follows:

SuperTokens.init({
  appInfo: {
    appName: 'Example APP',
    apiDomain: 'http://localhost:3001',
    apiBasePath: '/auth'
  },
  recipeList: [
    /* other recipes */
    Session.init({
      sessionTokenBackendDomain: '.localhost',
      sessionTokenFrontendDomain: '.localhost'
    }),
  ]
})

The SuperTokens init in the backend auth API is as follows:

supertokens.init({
  appInfo: 'Example API',
  supertokens: {
    connectionURI: 'http://localhost:3567',
    apiKey: 'super-secret-api-key',
  },
  recipeList: [
    /* other recipes */
    Session.init({
      cookieDomain: '.localhost',
    }),
  ],
});

Anything else useful?: Environment:

rishabhpoddar commented 1 year ago

The config seems fine. I think the issue is that you are trying to do this on .localhost. You may want to try the method of modifying the /etc/hosts file.
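
Added example, not part of the thread or of the SuperTokens code: a small model of the RFC 6265 cookie domain-matching rules, showing why a cookie scoped to localhost alone never reaches demo.localhost, and how a shared parent domain mapped in /etc/hosts changes that. The names example.test and demo.example.test are hypothetical, and treating the cookies reported in the issue as host-only is an assumption.

```javascript
// RFC 6265 5.1.3: a host matches if it is identical to the domain, or if it
// ends with "." + domain and is a host name rather than an IP address.
function domainMatch(host, domain) {
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// RFC 6265 5.3 storage step (simplified: no public-suffix check).
// Returns the stored cookie, or null when the user agent must ignore it.
function storeCookie(requestHost, name, domainAttr) {
  const host = requestHost.toLowerCase();
  // No Domain attribute: the cookie is host-only.
  if (!domainAttr) return { name, domain: host, hostOnly: true };
  const domain = domainAttr.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (!domainMatch(host, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Cookies are scoped by host, not by port, so :3010 vs :3030 plays no role here.
function isSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

function demo() {
  // State reported in the issue, modelled as a host-only cookie (assumption).
  const observed = { name: 'st-last-access-token-update', domain: 'localhost', hostOnly: true };
  // Hypothetical /etc/hosts entries: example.test and demo.example.test -> 127.0.0.1
  const shared = storeCookie('example.test', 'st-last-access-token-update', '.example.test');
  return {
    observedOnSubdomain: isSentTo(observed, 'demo.localhost'),
    sharedOnApex: isSentTo(shared, 'example.test'),
    sharedOnSubdomain: isSentTo(shared, 'demo.example.test'),
    foreignDomainRejected: storeCookie('demo.example.test', 'x', '.other.test') === null,
  };
}

console.log(demo());
```

With names like these in /etc/hosts, the SDK options shown in the issue (cookieDomain, sessionTokenBackendDomain, sessionTokenFrontendDomain) would carry the shared parent domain in place of '.localhost'.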