Can't set cookie from subdomain1.example.com which can be read by example.com

Time:01-22

I'm using the following to configure my session on subdomain1.example.com:

const express = require('express');
const session = require('express-session');

const expressInstance = express();
expressInstance.use(
    session({
        secret: "my secret",
        cookie: {
            domain: '.example.com',
            sameSite: 'none',
            secure: true,
            maxAge: 1000 * 60 * 60 * 48
        }
    })
);
expressInstance.set('trust proxy', 1);

Then I set it as:

res.cookie("cookie_name", "cookie_value")

I can see this cookie when I visit subdomain1.example.com but not when I visit example.com.

What am I missing? Isn't this a very common use case?

CodePudding user response:

You need to set the path parameter on the cookie to ensure the cookie is sent to example.com.

res.cookie("cookie_name", "cookie_value", {path: '/'});

This will ensure that the cookie is sent to example.com as well as subdomain1.example.com.

CodePudding user response:

Seems like you are setting the domain of the cookie to '.example.com', which means that the cookie will be sent to any subdomain of example.com, but not to example.com itself. To make the cookie available on example.com, you should set the domain to 'example.com' instead of '.example.com'.

Try this:

const expressInstance = express();
expressInstance.use(
    session({
        secret: "my secret",
        cookie: {
            domain: 'example.com',
            secure: true,
            maxAge: 1000 * 60 * 60 * 48
        }
    })
);

You also need to make sure that example.com is accessible over HTTPS.

In addition to that, you can also set the cookie like this:

res.cookie("cookie_name", "cookie_value", { domain: 'example.com' });
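
Added example, not part of the question or either response above: a simplified model of the RFC 6265 rules a browser applies to the Domain attribute, showing which hosts receive a cookie set from subdomain1.example.com with and without an explicit domain. The `cookie` options passed to `session()` configure the session ID cookie only, so `res.cookie()` called without a `domain` option is the first case below. Function names are hypothetical, and public-suffix, Path and Secure checks are left out.

```javascript
// Added example: simplified model of RFC 6265 section 5.3 Domain handling.
// Function names are hypothetical; public-suffix and Path/Secure checks are omitted.

// RFC 6265 5.1.3: host matches domain if identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Decide how a browser stores a cookie set by `originHost`.
// `domainAttr` is the Domain attribute value, or undefined when omitted.
// Returns null when the cookie is rejected.
function storeCookie(originHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned only to the exact host.
    return { domain: originHost.toLowerCase(), hostOnly: true };
  }
  // A leading dot is ignored, so ".example.com" and "example.com" are equivalent.
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  // The setting host must itself domain-match the attribute.
  if (!domainMatch(originHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `requestHost`?
function isSentTo(stored, requestHost) {
  if (stored === null) return false;
  return stored.hostOnly
    ? requestHost.toLowerCase() === stored.domain
    : domainMatch(requestHost, stored.domain);
}

// Constructed cases based on the hosts in the question.
function demo() {
  const origin = 'subdomain1.example.com';
  const hosts = ['subdomain1.example.com', 'example.com', 'other.example.com'];
  const row = (attr) => hosts.map((h) => isSentTo(storeCookie(origin, attr), h));
  return {
    noDomain: row(undefined),     // res.cookie(name, value)
    dotted: row('.example.com'),  // { domain: '.example.com' }
    bare: row('example.com'),     // { domain: 'example.com' }
    foreign: row('example.org'),  // rejected: origin does not match
  };
}

console.log(demo());
```

A cookie scoped to example.com is delivered to every host under that domain, so use that scope only when all subdomains are trusted to see the value.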