dshipper dshipper - 11 months ago 109
Node.js Question

Sessions Across Subdomains in Express

I'm using the vhost feature in Express with Node to manage multiple subdomains for my app. The app uses the same session secret and key, and I believe I've used the correct session cookie settings:

cookie: {
path : '/',
domain : '.example.com',
httpOnly : false,
maxAge : 1000*60*60*24*30*12 //one year(ish)

I set a session variable on my regular site where the subdomain is undefined e.g. http://example.com like so:

req.session.rep_id = rep._id;
res.redirect('https://' + company.name + '.example.com/');

But when I redirect them to subdomain.example.com the session doesn't have the rep_id key set to anything. It seems like the session is getting reset between subdomains. How do I get around this?

Answer Source

Some thoughts:

Try removing the period from .example.com. My thought here is that you're trying to set a subdomain-only cookie, while still on the root domain. I have read that cookies set on example.com will be available on all subdomains, too.

Try not redirecting the user to a subdomain immediately, to first verify that the cookie is working on your root domain. Inspect the response headers from your server, then see whether your browser kept the cookie in the next request. Only when you're sure this is working correctly navigate to the subdomain.