I'm using the vhost feature in Express with Node to manage multiple subdomains for my app. The app uses the same session secret and key, and I believe I've used the correct session cookie settings:
path : '/',
domain : '.example.com',
httpOnly : false,
maxAge : 1000*60*60*24*30*12 //one year(ish)
req.session.rep_id = rep._id;
res.redirect('https://' + company.name + '.example.com/');
Try removing the period from
.example.com. My thought here is that you're trying to set a subdomain-only cookie, while still on the root domain. I have read that cookies set on
example.com will be available on all subdomains, too.
Try not redirecting the user to a subdomain immediately, to first verify that the cookie is working on your root domain. Inspect the response headers from your server, then see whether your browser kept the cookie in the next request. Only when you're sure this is working correctly navigate to the subdomain.