Sunday 19 March 2017

Cross site session with NodeJS/Passport/Express backend w/Polymer in front

I've got a node/express/passport backend listening on port 3001 which I'm hitting directly with the browser to authenticate. It authenticates and controls access to protected URLs just fine. The front-end is polymer and served on a different port (8080) for dev. After authentication, express redirects the browser to the polymer app. The problem is when the polymer app then makes an iron-ajax call back to the express backend, the auth cookie/session handle doesn't get passed, so the backend denies the request.

In production I'm thinking the backend will be on a different sub-domain (backend.foo.com) from the frontend (users.foo.com). Curious if anyone knows how to get express/passport to set a session cookie that will be shared across all the sub-domains?



via Richard Rowell
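The setup described in the question, sketched as an added example that is not part of the original post: the cookie attributes that scope a session cookie to the parent domain, and the CORS headers a backend must return before the browser will attach that cookie to a cross-origin XHR. The function names, the origin allowlist and the use of HTTPS in production are assumptions; `connect.sid` is the default express-session cookie name.

```javascript
// Added example (not from the original post). Hostnames and ports follow
// the question; the allowlist and helper names are assumptions.
const ALLOWED_ORIGINS = new Set([
  'https://users.foo.com',   // production frontend (HTTPS assumed)
  'http://localhost:8080',   // dev frontend
]);

// Options in the shape express-session accepts for its `cookie` setting.
function sessionCookieOptions(production) {
  const opts = { path: '/', httpOnly: true, sameSite: 'lax', secure: production };
  // Domain=foo.com makes the browser send the cookie to every *.foo.com
  // host. That widens exposure: any subdomain's server receives the session
  // id, so keep HttpOnly and Secure set. Without Domain the cookie is
  // host-only; cookies ignore ports, so localhost:3001 and localhost:8080
  // already share it in dev.
  if (production) opts.domain = 'foo.com';
  return opts;
}

// The Set-Cookie header value the browser would receive for those options.
function serializeCookie(name, value, opts) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${opts.path}`];
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  if (opts.sameSite) {
    parts.push(`SameSite=${opts.sameSite[0].toUpperCase()}${opts.sameSite.slice(1)}`);
  }
  return parts.join('; ');
}

// CORS response headers for the request's Origin header. Browsers reject
// "Access-Control-Allow-Origin: *" on credentialed requests, so the exact
// origin is echoed, and only when it is on the allowlist.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {}; // unknown origin gets no grant
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // caches must not reuse one origin's grant for another
  };
}

console.log(serializeCookie('connect.sid', 'abc', sessionCookieOptions(true)));
console.log(corsHeaders('http://localhost:8080'));
```

The frontend request must also opt in to sending cookies by setting `withCredentials` on the XHR, which iron-ajax exposes as its `with-credentials` attribute.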
