
I have 2 web applications on the same IP and different ports:

  • app1 = (site.com) -> 66.88.66.88:5000
  • app2 = (login.site.com) -> 66.88.66.88:5001

I'm using Nginx and have set up 2 proxies for these 2 applications. The users have to log in to app1 and the system will set a session for the logged-in user. After that the system will redirect the user to app2, and I need access to the logged-in user's session in app2. I store my sessions in MongoDB, in the same collection that both apps have access to.

My problem is that I can't access the logged-in user's session in app2.

This is my session settings:

app1:

```javascript
// `app` is the Express application and `config` the app's own settings object.
const session = require('express-session');
const mongoose = require('mongoose');
const MongoStore = require('connect-mongo')(session);
mongoose.Promise = require('bluebird');
const connection = mongoose.createConnection(config.dbhost, function (err) {
    if (err) {
        console.log(err);
    } else {
        console.log('connected to the database successfully.');
    }
});

/* Session config */
var expiryDate = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
app.use(session({
    secret: config.secureHasherKey,
    resave: true,
    saveUninitialized: false,
    cookie: {
        secure: false,
        httpOnly: true,
        domain: 'site.com', // app1 scopes its session cookie to site.com
        path: '/',
        expires: expiryDate
    },
    // Sessions are persisted in MongoDB through the shared connection
    store: new MongoStore({ mongooseConnection: connection })
}));
```

app2:

```javascript
// `app` is the Express application and `config` the app's own settings object.
const session = require('express-session');
const mongoose = require('mongoose');
const MongoStore = require('connect-mongo')(session);
mongoose.Promise = require('bluebird');
const connection = mongoose.createConnection(config.dbhost, function (err) {
    if (err) {
        console.log(err);
    } else {
        console.log('connected to the database successfully.');
    }
});

/* Session config */
var expiryDate = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
app.use(session({
    secret: config.secureHasherKey,
    resave: true,
    saveUninitialized: false,
    cookie: {
        secure: false,
        httpOnly: true,
        domain: 'login.site.com', // app2 scopes its session cookie to login.site.com
        path: '/',
        expires: expiryDate
    },
    // Sessions are persisted in MongoDB through the shared connection
    store: new MongoStore({ mongooseConnection: connection })
}));
```

And this is my CORS settings:

```javascript
// Adds permissive CORS headers to every response
app.all("*", function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With");
    res.header("Access-Control-Allow-Methods", "GET, PUT, POST");
    return next();
});
```

How can I find the problem?

Abdol Seed
  • Start by checking if a (proper) cookie gets set by `app1`, and if that cookie is being sent in the request to `app2`. FWIW, don't use `expires`, use `maxAge`. See [the fine manual](https://www.npmjs.com/package/express-session#cookieexpires). – robertklep Apr 18 '17 at 13:05
  • `login.site.com` is a subdomain of `site.com`. Take a look here: http://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain – Gntem Apr 18 '17 at 13:10
  • @Mr.Phoenix `app1` sets a cookie for the entire domain `site.com`. – robertklep Apr 18 '17 at 13:11
  • @Mr.Phoenix I checked that link but I still don't know how I can solve my problem. My session is saved in Mongo, and after I refresh the page the system saves a new empty session (on each refresh!). My sessions aren't stable! – Abdol Seed Apr 18 '17 at 13:29
  • I appended my CORS settings if you need – Abdol Seed Apr 18 '17 at 13:37
  • @robertklep I need help. Could you help me? The problem now is just that I can't read sessions in app2 – Abdol Seed Apr 19 '17 at 05:39
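
The check suggested in the comments (which session cookie gets set, and which is sent to `app2`) can be modelled offline. This is an added example, not part of the original post or its comments: it applies RFC 6265 domain matching to the two `cookie.domain` values from the question. It assumes both apps keep express-session's default cookie name `connect.sid`; the cookie values and helper names are constructed.

```javascript
// Added example: RFC 6265 (section 5.1.3) domain matching applied to the two
// session cookie configurations in the question. All values are constructed.
const COOKIE_NAME = 'connect.sid'; // express-session default when `name` is unset

// True if request host `host` domain-matches a cookie's Domain attribute.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (h === d) return true;
  const isIPv4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(h); // IP hosts only match exactly
  return !isIPv4 && h.endsWith('.' + d);
}

// A browser stores a cookie only if the responding host matches its Domain.
function accepts(responseHost, cookie) {
  return domainMatch(responseHost, cookie.domain);
}

// Cookies a browser attaches to a request for `host`.
function cookiesSentTo(host, jar) {
  return jar.filter((c) => domainMatch(host, c.domain));
}

// Constructed cookies: one per app, each set by the host nginx proxies to it.
const app1Cookie = { name: COOKIE_NAME, value: 'app1-sid', domain: 'site.com', setBy: 'site.com' };
const app2Cookie = { name: COOKIE_NAME, value: 'app2-sid', domain: 'login.site.com', setBy: 'login.site.com' };
const jar = [app1Cookie, app2Cookie].filter((c) => accepts(c.setBy, c));

// Human-readable list of what each host receives.
function report(host) {
  return cookiesSentTo(host, jar).map((c) => `${c.name}=${c.value}; Domain=${c.domain}`);
}

for (const host of ['site.com', 'login.site.com']) {
  console.log(host, '<-', report(host));
}
```

With these settings a request to `login.site.com` carries two cookies with the same name, one per `Domain` value, while a request to `site.com` carries only the cookie set by `app1`.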

0 Answers