auth-module

Set cookie domain to all subdomains by default not working as stated in the docs

Open phips28 opened this issue 4 years ago • 3 comments

Version

module: ^4.9.1
nuxt: 2.14.5

In the docs (https://auth.nuxtjs.org/api/options#cookie) it says:

domain - domain (and by extension subdomain/s) where the cookie is visible. Default is domain and all subdomains.

But that's not true: it does not default to all subdomains (.domain.com); instead it sets the full domain www.domain.com.

What is expected?

set cookie on domain .domain.com by default, not the full domain

What is actually happening?

set cookie on www.domain.com

phips28 avatar Jan 29 '21 19:01 phips28

I ran some extra tests because I don't fully understand how to manage cookies.

I modified my hosts file with

127.0.0.1 localhost test.localhost

I ran two instances of the same project via:

# term 1
$ yarn dev
# term 2
$ HOST=test.localhost PORT=2222 yarn dev

On both instances I can reach the app through localhost or test.localhost. I think HOST=test.localhost is not taken into consideration but anyway.

If I log in on localhost:

  • I can be connected in localhost:3000 or localhost:2222
  • I'm not connected in test.localhost:3000 or test.localhost:2222

If I log in on test.localhost:

  • I can be connected in test.localhost:3000 or test.localhost:2222
  • I'm not connected in localhost:3000 or localhost:2222

Once the right cookies are set, the auth reconstructs everything and works fine. But subdomains can't access the parent's cookies and vice versa.

So questions are:

  • How to share cookies under the same domain and achieve a persistent connection across subdomains?
  • Will it work if I have instance 1 in SSR mode and instance 2 in SPA mode?

existe-deja avatar May 10 '21 11:05 existe-deja

Here is a workaround - create a middleware and add it in the route object in nuxt.config.js

export default function ({ $auth, $cookies }) {
    if ($auth.loggedIn) {
        // Copy the local strategy's token into a cookie scoped to the parent domain
        const token = $auth.getToken('local')
        $cookies.set('lupower', token, {
            domain: '.letsupgrade.in'
        })
    } else {
        // Logged out: overwrite the shared cookie
        $cookies.set('lupower', false, {
            domain: '.letsupgrade.in'
        })
    }
}

viralpatel380 avatar Sep 03 '21 19:09 viralpatel380

Same issue here. I have to specify it for each environment.

cookie: {
  prefix: 'auth_',
  options: {
    expires: 365,
    domain: process.env.COOKIES_DOMAIN
  }
}

R-Pin3da avatar Jun 21 '22 14:06 R-Pin3da
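
The results reported in this thread are consistent with how browsers scope cookies: a cookie stored without a Domain attribute is host-only, and cookies are not separated by port. The sketch below is an added example, not code from the auth-module or from any commenter; it is a simplified model of RFC 6265 storage and matching (no public-suffix list, no IP-address handling), and the hostnames are the thread's own placeholders.

```javascript
// Added example: simplified RFC 6265 cookie scoping.
// Assumptions: no public-suffix check, no IP literals; hostnames are placeholders.

// Lowercase and strip a port; cookies are not isolated by port.
function canonicalHost(host) {
  return host.toLowerCase().replace(/:\d+$/, '');
}

// RFC 6265 section 5.1.3: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Decide how a browser stores a cookie set in a response from `requestHost`.
// `domainAttr` is the Domain attribute, or undefined when none is sent.
function storeCookie(requestHost, domainAttr) {
  const host = canonicalHost(requestHost);
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact host.
    return { domain: host, hostOnly: true };
  }
  const domain = domainAttr.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (!domainMatch(host, domain)) {
    return null; // a host cannot set a cookie for a domain it does not belong to
  }
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  const host = canonicalHost(requestHost);
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Which of `hosts` receive the cookie?
function recipients(cookie, hosts) {
  return hosts.filter((h) => isSentTo(cookie, h));
}

const hosts = ['www.domain.com', 'www.domain.com:2222', 'app.domain.com', 'domain.com'];
console.log('no Domain attribute:', recipients(storeCookie('www.domain.com'), hosts));
console.log('Domain=.domain.com :', recipients(storeCookie('www.domain.com', '.domain.com'), hosts));
```

Scoping the token cookie to the parent domain makes it available to every host under that domain, so the `domain` option fits deployments where all subdomains are equally trusted.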