I have 2 web application in same IP and different port:
- app1 = (site.com) -> 66.88.66.88:5000
- app2 = (login.site.com) -> 66.88.66.88:5001
I`m using Nginx and set 2 proxy for these 2 application. The users have to login in to app1 and system will set a session for logged in user. after that system will redirect user to app2 and I need access to logged in user session in appp2. I store my session in mongodb in same collecton that both apps has access to that.
My problem is I can`t have access to loggedin user session in app2.
This is my session settings:
app1:
const MongoStore = require('connect-mongo')(session);
mongoose.Promise = require('bluebird');
const connection = mongoose.createConnection(config.dbhost, function(err){
if(err){
console.log(err);
} else {
console.log('connected to the database successfuly.');
}
});
/* Session config */
var expiryDate = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) // 7 days
app.use(session({
secret: config.secureHasherKey ,
resave: true,
saveUninitialized: false,
cookie: {
secure: false,
httpOnly: true,
domain: 'site.com',
path: '/',
expires: expiryDate
},
store: new MongoStore({ mongooseConnection: connection })
}));
app2:
const MongoStore = require('connect-mongo')(session);
mongoose.Promise = require('bluebird');
const connection = mongoose.createConnection(config.dbhost, function(err){
if(err){
console.log(err);
} else {
console.log('connected to the database successfuly.');
}
});
/* Session config */
var expiryDate = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) // 7 days
app.use(session({
secret: config.secureHasherKey ,
resave: true,
saveUninitialized: false,
cookie: {
secure: false,
httpOnly: true,
domain: 'login.site.com',
path: '/',
expires: expiryDate
},
store: new MongoStore({ mongooseConnection: connection })
}));
And this is my CORS settings:
app.all("*", function (req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Cache-Control, Pragma,
Origin, Authorization, Content-Type, X-Requested-With");
res.header("Access-Control-Allow-Methods", "GET, PUT, POST");
return next();
});
How can I find the problem?