Lost in subdomains !
-
Hi, if my forum is forum.domain.com and another application is app.domain.com (same domain), is there a way to read the express.sid set by NodeBB from app.domain.com? Thank you.
-
There is no simple way of doing this. Nor is it recommended to do so. Let me assume you asked for a simple way of session-sharing (e.g. for shared login), then I'd refer to this plugin.
-
Yes, the question is about session sharing. I want users logged in to NodeBB and to reuse the session in the other app. NodeBB as identity provider. Is nodebb-plugin-session-sharing intended for this purpose?
In ACP > settings > advanced, what does 'Set domain for session cookie' mean if we set '.domain.com' (with dot)?
-
Sorry, I've missed that option. Seems like it does just what you asked for (didn't test, just looked into source code).
EDIT: Yes, the dot is needed to allow subdomains (like your forum) to read the cookie.
-
I don't understand, I've put .domain.com in that field (and restarted NodeBB) but in the Chrome debugger the cookie domain is still subdomain.domain.com and my app cannot access the cookie?
-
@Tristan Since the sessions are stored within the database, you'll have to remove them (either within your browser or the database) in order to force a new cookie. This will require a new login of course.
-
It seems you cannot revoke the active session from user settings.
Here are the commands to database-wise revoke all active sessions:
redisdb:
redis-cli KEYS "sess:*" | xargs redis-cli DEL
mongodb (interactive mode):
db.sessions.remove({})
-
I removed all sessions with db.sessions.remove({}) but now I can't log in (403 Forbidden), even when I restart NodeBB?? But the cookie domain was .domain.com now: one step forward, one step backward.
Edit: logging in with Firefox works but not with Chrome.
ReEdit: sorry, clearing the cache solved it. So now I have the same cookie (.domain.com) in the Chrome debugger at forum.domain.com and app.domain.com. Thank you very much.
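
Why the 'Set domain for session cookie' setting changes which hosts see express.sid, as an added example that is not part of any post in this thread: a small JavaScript model of the RFC 6265 host-only and domain-match rules. The function names are illustrative, and the hostnames and cookie value are constructed sample data.

```javascript
// Added example: RFC 6265 matching for a session cookie shared across subdomains.
// Hostnames and the cookie value below are constructed sample data.

// Parse the attributes of a Set-Cookie header that matter for host matching.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: requestHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    if (key.trim().toLowerCase() === 'domain' && val.trim() !== '') {
      // RFC 6265 5.2.3: a leading dot is ignored; the attribute turns the
      // cookie from a host-only cookie into a domain cookie.
      cookie.domain = val.trim().replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// RFC 6265 5.1.3 domain-match: identical, or a suffix on a label boundary.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Would the browser send this cookie on a request to `host`?
function isSentTo(cookie, host) {
  return cookie.hostOnly ? host.toLowerCase() === cookie.domain
                         : domainMatch(host, cookie.domain);
}

// A user agent also rejects a Domain attribute the setting host does not match.
function isAccepted(cookie, requestHost) {
  return cookie.hostOnly || domainMatch(requestHost, cookie.domain);
}

const hosts = ['forum.domain.com', 'app.domain.com', 'domain.com', 'evildomain.com'];
const hostOnly = parseSetCookie('express.sid=s%3Asample; Path=/; HttpOnly', 'forum.domain.com');
const shared = parseSetCookie('express.sid=s%3Asample; Domain=.domain.com; Path=/; HttpOnly', 'forum.domain.com');
console.log('host-only:', hosts.filter((h) => isSentTo(hostOnly, h)));
console.log('shared   :', hosts.filter((h) => isSentTo(shared, h)));
```

With the Domain attribute set, every host under domain.com receives the session cookie, so each of those hosts has to be trusted with it.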