Sessions Across Subdomains in Express

I'm using the vhost feature in Express with Node to manage multiple subdomains for my app. The app uses the same session secret and key, and I believe I've used the correct session cookie settings:

    cookie: {
      path     : '/',
      domain   : '.example.com',
      httpOnly : false,
      maxAge   : 1000*60*60*24*30*12    // one year(ish)
    }

I set a session variable on my regular site where the subdomain is undefined e.g. http://example.com like so:

req.session.rep_id = rep._id;
res.redirect('https://' + company.name + '.example.com/');

But when I redirect them to subdomain.example.com the session doesn't have the rep_id key set to anything. It seems like the session is getting reset between subdomains. How do I get around this?

asked Aug 07 '12 17:08 by dshipper




1 Answer

Some thoughts:

Try removing the period from .example.com. My thought here is that you're trying to set a subdomain-only cookie, while still on the root domain. I have read that cookies set on example.com will be available on all subdomains, too.

Try not redirecting the user to a subdomain immediately, to first verify that the cookie is working on your root domain. Inspect the response headers from your server, then see whether your browser kept the cookie in the next request. Only when you're sure this is working correctly navigate to the subdomain.

answered Oct 15 '22 12:10 by rdrey
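The verification the answer suggests (inspect the Set-Cookie header, then confirm the browser will send the cookie back on the subdomain) can be scripted. The following is an added example, not code from the question or the answer: a small Node.js check that parses a Set-Cookie header value and applies the RFC 6265 domain, path and Secure rules to a target URL. The sample header values are constructed to resemble what the asker's cookie settings would emit, and the cookie name connect.sid is express-session's default name, assumed here. The example also covers the answer's point about the leading dot: browsers that follow RFC 6265 ignore it, so Domain=.example.com and Domain=example.com behave the same, whereas omitting the Domain attribute entirely makes the cookie host-only, which is the usual reason a cookie set on example.com never reaches a subdomain.

```javascript
// Added example (not from the question or the answer): decide whether a cookie
// from a Set-Cookie header will be sent by the browser on a request to a URL,
// following the RFC 6265 domain-match, path-match and Secure rules.

// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: parts[0].slice(0, eq).trim(),
    value: parts[0].slice(eq + 1).trim(),
    domain: null, // null means host-only: returned only to the host that set it
    path: '/',
    secure: false,
    httpOnly: false,
  };
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1).trim();
    if (key === 'domain') {
      // RFC 6265 s5.2.3: a leading dot is ignored; matching is case-insensitive.
      cookie.domain = val.replace(/^\./, '').toLowerCase();
    } else if (key === 'path') {
      cookie.path = val || '/';
    } else if (key === 'secure') {
      cookie.secure = true;
    } else if (key === 'httponly') {
      cookie.httpOnly = true;
    }
  }
  return cookie;
}

// RFC 6265 s5.1.3: host equals the cookie domain or ends with "." + domain.
// "evil-example.com" does NOT match "example.com".
function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// RFC 6265 s5.1.4 path matching: "/app" matches "/app/x" but not "/apple".
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Would the browser attach this cookie to a request for `url`?
// `setByHost` is the host that sent the Set-Cookie header; it only matters
// for host-only cookies (no Domain attribute).
function cookieSentTo(header, setByHost, url) {
  const cookie = parseSetCookie(header);
  const u = new URL(url);
  const host = u.hostname.toLowerCase();
  const domainOk = cookie.domain === null
    ? host === setByHost.toLowerCase()
    : domainMatches(host, cookie.domain);
  const secureOk = !cookie.secure || u.protocol === 'https:';
  return domainOk && pathMatches(u.pathname, cookie.path) && secureOk;
}

// Constructed sample headers (Max-Age is in seconds; express-session's
// cookie.maxAge option is in milliseconds, 1000*60*60*24*30*12 ms = 31104000 s).
const SHARED = 'connect.sid=s%3Aabc123; Path=/; Domain=.example.com; Max-Age=31104000';
const HOST_ONLY = 'connect.sid=s%3Aabc123; Path=/; Max-Age=31104000';
const SECURE_ONLY = 'connect.sid=s%3Aabc123; Path=/; Domain=example.com; Secure';

// Quick demonstration: shared cookie reaches the subdomain, host-only does not,
// and a Secure cookie is withheld from a plain-http request.
console.log(cookieSentTo(SHARED, 'example.com', 'https://acme.example.com/'));      // true
console.log(cookieSentTo(HOST_ONLY, 'example.com', 'https://acme.example.com/'));   // false
console.log(cookieSentTo(SECURE_ONLY, 'example.com', 'http://acme.example.com/'));  // false
```

Paste the exact Set-Cookie value from your server's response headers into cookieSentTo together with the host that issued it and the URL you redirect to; a false result points at the cookie attributes rather than at the session store, which is worth settling before touching the vhost setup.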