Hi,
I am a relatively new web developer, and wanted to know whether this was a good enough approach to my problem.
I have nodebb forums running on a subdomain, and want some of the details of the logged in user to be available to my main domain. I do not want a full fledged sso system or something like that, as I want minimum hassle. I was thinking of the following method, and wanted whether this is feasible from a technical and security point of view.
I was thinking of setting '.example.com' for my express cookie session so it is available on my main domain. From there, I can use this cookie to make a cURL request to a custom api endpoint on my forums, which basically returns the users details if the cookie can be authenticated.
I hope someone can help me, as I am unsure from a security point of view whether it is feasible.
Thanks