How to share cookie across different domains NodeJS

Time:10-20

I have this return statement in my backend code:

return res
  .status(200)
  .cookie("auth_token", token, {
    httpOnly: false, // page scripts on this origin can read the token
    domain: "domain.com",
    secure: true,
    expires: new Date(Date.now() + (6 * 60 * 60 * 1000)), // 6 hours from now
  })
  .send({
    data: token,
    code: "100",
    message: `AUTHENTICATION SUCCESS. IP: ${clientIP}, Geo: ${location}, Info: ${
      (app, os) // comma operator: only `os` ends up in the message
    }`,
  });

which saves a JWT token on domain domain.com, I'd like this to also work with domain2.com, for example, as my authentication system is now used for multiple sites and it runs off of a different domain to domain2.com.

A user goes on site domain.com and that site checks if an auth-token cookie is present; if not, it should redirect to a completely different domain, auth.domain2.com. This is where the user authenticates; once they have authenticated themselves, the above return statement should save the cookie in their browser for, ideally, domain.com and domain2.com. After that, they are redirected back to domain.com for it to then check if the auth-token cookie is present once again; if so, check it's valid, and then allow the user in.

I have tried to just save the cookie for the domain that's not the domain the authentication code is run on (in the code above, for example, changing domain: "domain.com" to domain: "domain2.com"); it still will not work/save the cookie for that domain.

Is this possible? If not what are the workarounds?

CodePudding user response:

Cookies from one domain cannot be accessed from another domain, but this is actually not necessary.

The logon flow that you describe implies for me that you need two cookies:

  1. User visits domain.com and a logon flow starts with a redirection to auth.domain2.com.
  2. User posts their credentials to auth.domain2.com and receives a response that
    • sets a cookie A for domain auth.domain2.com and
    • redirects the browser back to domain.com (with a SAML response or a JWT or an authorization code or something that indicates that the user has successfully logged on).
  3. In response to the request domain.com?SAMLResponse=..., the browser receives a cookie B (a JWT named auth_token in your case) for domain domain.com.

After that, every request that the browser makes to domain.com contains cookie B, which therefore establishes a session with domain.com.

If the user later visits domain3.com (or returns to domain.com after having logged off), a second logon flow to auth.domain2.com is started, but this time, the request to auth.domain2.com contains cookie A. Therefore, auth.domain2.com immediately redirects the browser back to domain3.com, without asking for credentials in step #2 above.

In other words: Cookie A establishes a session with auth.domain2.com, and cookie B establishes a session with domain.com. (And a third cookie C establishes a session with domain3.com in step #3 of the second logon flow.)

This should fulfil your requirements.
