I am using express-session and MongoDbStore to store session variables. However after implementing subdomains using vhost, The session variables are not shared between the subdomains. My session config is as follows
app.use(session({
secret: process.env.EXPRESS_SECRET,
cookie: {
path : '/',
domain : 'example.com',
httpOnly : false,
maxAge : 1000*60*60*24*7
},
store: store,
resave: false,
}))
Sample vhost code :
app.use(vhost('login.example.com' , loginApp))
app.use(vhost('some.example.com' , someApp))
The session variables are stored in the MongoDB, but there are different documents for each subdomain. How can i make those session variables universal for all my subdomains?
What i have tried till now : Keeping domain as '.example.com', not including the path parameter, not including the domain parameter, not including the httpOnly parameter, using resave as true But nothing seems to work Thank you in advance
I have found the solution while looking through other solutions in the forum, If someone comes across this try to use this express function :
app.use(function(req, res, next) {
// Access-Control-Allow-Origin only accepts a string, so to provide multiple allowed origins for requests,
// check incoming request origin against accepted list and set Access-Control-Allow-Origin to that value if it's found.
// Setting this value to '*' will allow requests from any domain, which is insecure.
var allowedOrigins = ['https://subdomain1.domain.com', 'https://subdomain2.domain.com' , 'https://subdomain3.domain.com'];
var acceptedOrigin = allowedOrigins.indexOf(req.headers.origin) >= 0 ? req.headers.origin : allowedOrigins[0];
res.header("Access-Control-Allow-Origin", acceptedOrigin);
next();
});