Authentication on different subdomain

[coder90]

Hi Jared.
I would like to know if there is some way to move authentication form to a different subdomain.
When user tries to access restricted area he is redirected to auth. subdomain and asked to enter username, password. When done he is redirected back to where he wanted.

[clayzermk1]

Cookies can be configured to apply to subdomains if they are set on the root domain.
For example: a cookie set on google.com will apply to google.com, search.google.com, and maps.google.com.
See HTTP cookie - Domain and Path on wikipedia for more info.

For me, it seems that the path is / by default.

Cookies are handled by Express, check out the documentation on cookies.
You can set cookie defaults when you create the express session:

app.use(express.session({ secret: 'keyboard cat', cookie: { maxAge: 43200000 } }));

Hope that helps, cheers.

[cailie]

Setting the cookie domain via options passed to express.session did not work for me.

i.e.:

cookie: { maxAge: ONE_DAY, domain: '.mydomain.com' }

Login sessions are destroyed when navigating between apps on different subdomains.

Cannot Passport share login sessions across subdomains?

[cailie]

Please see closing comment in referenced passport issue above.

[ruanb7]

You can use: domain: ".app.localhost" and it will work. The 'domain' parameter needs 1 or more dots in the domain name for setting cookies. Then you can have sessions working across localhost subdomains such as: api.app.localhost:3000.

[dangerden]

No, it doesn't help.