Session Cookie is not being set via remote server

[jerryharrison]

I have a thorax client app that is hosted on a static server. It needs to be accessible from various subdomains (foo.example.com, bar.example.com, baz.example.com). Each of the subdomains loads the same static files/thorax app.

I have a hapi.js app running on api.example.com with auth-cookie scheme in place.

My issue is having foo.example.com perform a login request and having api.example.com set the cookie for the session to be recognized on the server side in following request to protected endpoints.

If I make the request from foo.example.com to foo.example.com/login the cookie is set and the session works. However, this is not suitable for production. We need to have a static server serve up the thorax app and the hapi server manage sessions and endpoints.

I have CORS setup as such:

    cors: {
      matchOrigin: true,
      isOriginExposed: false,
      headers: ['Authorization', 'Content-Type', 'If-None-Match'],
      maxAge: Math.round(86400 * (365/12)),
      methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']
    },

Any advice or help would be great appreciated!

Thanks.

[jerryharrison]

User error.

[lock]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.