Lost in subdomains !

  • Hi, if my forum is forum.domain.com and another application is app.domain.com (same domain) is there a way to read express.sid set by nodebb from app.domain.com ? thank you.

  • GNU/Linux

    There is no simple way of doing this. Nor is it recommended to do so.

    Let me assume you asked for a simple way of session-sharing (e.g. for shared login), then I'd refer to this plugin.

  • Yes the question is about session sharing. I want users logged in nodebb and reuse session in the other app. NodeBB as identity provider. Is nodebb-plugin-session-sharing intended for this purpose ?
    In ACP > settings > advanced what does 'Set domain for session cookie' mean if we set '.domain.com' (with dot) ?

  • GNU/Linux

    Sorry, I've missed that option. Seems like it does just what you asked for (didn't test, just looked into source code).

    EDIT: Yes, the dot is needed to allow subdomains (like your forum) to read the cookie.

  • I don't understand, I've put .domain.com in that field (restart nodebb) but in chrome debug the cookie domain is still subdomaion.domain.com and my app does not access cookie ?

  • GNU/Linux

    @Tristan Since the sessions are stored within the database, you'll have to remove them (either within your browser or the database) in order to force a new cookie. This will require a new login of course.

  • Admin

    @Tristan -- from the user settings page, you can revoke active sessions. I would just clear all cookies from your existing domain and refresh. That will cause a new cookie to be generated.

  • GNU/Linux

    It seems you cannot revoke the active session from user settings.

    Here are the commands to database-wise revoke all active sessions:

    redisdb: redis-cli KEYS sess:* | xargs redis-cli DEL
    mongodb (interactive mode): db.sessions.remove({})

  • I remove all sessions with db.sessions.remove({}) but now i can't logged in (403 Forbidden) also when i restart nodebb ?? but cookie domain was .domain.com now ;) one step forward, one step backward.
    Edit : loggin with Firefox works but not with chrome.
    ReEdit : sorry clear cache solve it. So now i have the same cookie (.domain.com) in chrome debugger at forum.domain.com and app.domain.com. Thank you very much.

Log in to reply

Looks like your connection to NodeBB was lost, please wait while we try to reconnect.