Authentication on different subdomain #20

Open
coder90 opened this Issue Jan 4, 2013 · 5 comments

coder90 commented Jan 4, 2013

Hi Jared.
I would like to know if there is some way to move the authentication form to a different subdomain.
When a user tries to access a restricted area, he is redirected to the auth. subdomain and asked to enter a username and password. When done, he is redirected back to where he wanted.

Cookies can be configured to apply to subdomains if they are set on the root domain.
For example: a cookie set on google.com will apply to google.com, search.google.com, and maps.google.com.
See HTTP cookie - Domain and Path on Wikipedia for more info.

For me, it seems that the path is / by default.

Cookies are handled by Express, check out the documentation on cookies.
You can set cookie defaults when you create the express session:

app.use(express.session({ secret: 'keyboard cat', cookie: { maxAge: 43200000 } }));

Hope that helps, cheers.

cailie commented Apr 5, 2013

Setting the cookie domain via options passed to express.session did not work for me.

i.e.:

cookie: { maxAge: ONE_DAY, domain: '.mydomain.com' }

Login sessions are destroyed when navigating between apps on different subdomains.

Cannot Passport share login sessions across subdomains?

cailie referenced this issue in jaredhanson/passport Apr 5, 2013

Closed

Login session across subdomains #125

cailie commented Apr 7, 2013

Please see closing comment in referenced passport issue above.

You can use: domain: ".app.localhost" and it will work. The 'domain' parameter needs 1 or more dots in the domain name for setting cookies. Then you can have sessions working across localhost subdomains such as: api.app.localhost:3000.

No, it doesn't help.
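
The cookie scoping discussed in this thread can be checked offline with the RFC 6265 domain-matching rules. The following is an added example, not code from the thread, Passport or Express; the function names are hypothetical and the hostnames are constructed sample values.

```javascript
// Added example: models RFC 6265 cookie scoping (host-only vs. Domain attribute).
// Hosts are given without a port. The public-suffix rejection that browsers
// also apply to Domain values is NOT modelled here.

// RFC 6265 section 5.1.3: does the request host domain-match the cookie domain?
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  // IP addresses only match exactly, never as a suffix.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + cookieDomain);
}

// How a user agent stores a cookie received from `setByHost`.
// Returns null when the Domain attribute does not cover the setting host.
function storeCookie(setByHost, domainAttr) {
  if (!domainAttr) return { domain: setByHost.toLowerCase(), hostOnly: true };
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot is ignored
  if (!domainMatch(setByHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (!cookie) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// List every host in `hosts` that would receive the session cookie.
function audit(setByHost, domainAttr, hosts) {
  const cookie = storeCookie(setByHost, domainAttr);
  return hosts.filter((h) => isSentTo(cookie, h));
}

// Constructed sample hosts.
const HOSTS = ['mydomain.com', 'auth.mydomain.com', 'www.mydomain.com', 'evilmydomain.com'];

console.log('no Domain attribute :', audit('auth.mydomain.com', undefined, HOSTS));
console.log("Domain '.mydomain.com':", audit('auth.mydomain.com', '.mydomain.com', HOSTS));
console.log("Domain 'other.com'   :", audit('auth.mydomain.com', 'other.com', HOSTS));
```

A session cookie scoped to the parent domain is sent to every subdomain under it, so each application hosted there has to be trusted with the session identifier.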
