I have two domains. One is opencubes.io, the other my.opencubes.io. My Express setup looks like this:
server.use express.cookieParser(config.securitySalt)
server.use express.session cookie: domain: ".opencubes.io"
server.use flash()
require("./passport") passport, config
# use passport session
server.use passport.initialize()
server.use passport.session()
The problem is that the user is not recognized in the subdomain. I made a route that returns the current user's username for testing, and whenever I log in on the domain, the cookie connect.sid is created (with domain set to .opencubes.io). The cookie information looks like this in the subdomain:
And so when in the browser (in the subdomain), I run $.get('//opencubes.io/api/v1/users/$.json', function(data){console.log(data)}), it just returns {}. The request is:
Host: opencubes.io
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: */*
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://my.opencubes.io/
Origin: http://my.opencubes.io
Connection: keep-alive
And the response:
Access-Allow-Control-Origin: "*"
Connection: "keep-alive"
Content-Length: "2"
Content-Type: "application/json; charset=utf-8"
Date: "Wed, 20 Aug 2014 13:40:38 GMT"
Etag: "W/"2-2745614147""
Server: "nginx/1.7.4"
Set-Cookie: "connect.sid=s%3AQ_ruHfe...yJrw; Domain=.opencubes.io; Path=/; HttpOnly"
Vary: "X-HTTP-Method-Override"
x-content-type-option: "nosniff"
How to share the sid so that the subdomain can make requests "in its name" without re-asking for credentials?
Note:
The subdomain is an nginx redirection to opencubes.io/dashboard
I just added this line:
$.ajaxSetup({xhrFields: { withCredentials: true }});
And it works. Thank you :)
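
The server side of a credentialed cross-origin request like the one above, as an added example that is not part of the original post: a browser only exposes the response to a `withCredentials` request when `Access-Control-Allow-Origin` echoes the exact requesting origin (not `*`) and `Access-Control-Allow-Credentials` is `true`. The allowlist and the helper names `corsHeadersFor`, `credentialedCors` and `browserExposesResponse` are assumptions made for this sketch.

```javascript
// Origins allowed to send the session cookie cross-origin (assumed list,
// built from the two hosts named in the question).
const ALLOWED_ORIGINS = new Set([
  'http://opencubes.io',
  'http://my.opencubes.io',
]);

// Hypothetical helper: CORS response headers for a given Origin request header.
function corsHeadersFor(origin) {
  if (typeof origin !== 'string' || !ALLOWED_ORIGINS.has(origin)) {
    return {}; // unknown origin: no Allow-* headers, so the browser blocks the read
  }
  return {
    // With credentials the wildcard is rejected; echo the vetted origin exactly.
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Connect/Express-style middleware built on the helper. It covers simple
// requests such as the GET in the post; preflighted requests would also need
// Access-Control-Allow-Methods and Access-Control-Allow-Headers. A real app
// should also add "Origin" to its Vary header so caches keep origins apart.
function credentialedCors(req, res, next) {
  const headers = corsHeadersFor(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  next();
}

// Mirrors the browser's check on the response to a withCredentials request.
function browserExposesResponse(pageOrigin, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  return h['access-control-allow-origin'] === pageOrigin &&
         h['access-control-allow-credentials'] === 'true';
}
```

Echoing only allowlisted origins matters here because the session cookie is scoped to `.opencubes.io`: reflecting any `Origin` value together with `Access-Control-Allow-Credentials: true` would let any site read responses made with the user's session.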