
I'm having an issue where I have 2 frontend applications running on 2 different domains: localhost:3000 and localhost:3001. They are both communicating with an API running on localhost:4000. The issue that I'm having with the express session is that when I connect to localhost:3000 and make a request to any route from localhost:3001, the browser is using the cookie set in localhost:3000.

Here is my session configuration:

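```js
const session = require('express-session');
const mongoose = require('mongoose');
// connect-mongo v3 API, which accepts the `mongooseConnection` option used below
const MongoStore = require('connect-mongo')(session);

const THIRTY_MINUTES = 30 * 60 * 1000; // cookie maxAge is in milliseconds

const sessionConfig = {
  store: new MongoStore({
    mongooseConnection: mongoose.connection,
  }),
  cookie: {
    maxAge: THIRTY_MINUTES,
  },
  resave: true,
  rolling: true, // Allows to refresh cookie's max age on every request.
  saveUninitialized: true,
  secret: process.env.SESSION_SECRET, // this is a random key
};
```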

I tried modifying paths / cookie name when the user authenticates on localhost:3000 but it doesn't seem to work.

I could add additional information to the session and create a middleware that would verify where the user is coming from, but is this normal behaviour?

yeeeehaw
  • Yes, [this is normal behavior](https://stackoverflow.com/questions/1612177/are-http-cookies-port-specific). –  Mar 01 '21 at 10:26
  • Thanks for the link. To work it out locally I changed `localhost:3001` to `127.0.0.1:3001` and kept the other app on `localhost:3000`. – yeeeehaw Mar 01 '21 at 10:32
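
The behaviour discussed in the comments above, as an added example that is not part of the original thread: a minimal cookie jar that scopes host-only cookies the way RFC 6265 does, by name, host and path, with no port in the key. `CookieJar`, `pathMatches`, `demo` and the cookie value are constructed for illustration; `connect.sid` is express-session's default cookie name.

```javascript
// Added example: minimal model of RFC 6265 host-only cookie scoping.
// The storage key is (name, host, path); the port is never part of it.
class CookieJar {
  constructor() {
    this.cookies = new Map();
  }

  // Record a Set-Cookie header received in a response from `url`.
  store(url, setCookie) {
    const { hostname } = new URL(url);
    const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq);
    const value = pair.slice(eq + 1);
    let path = '/'; // simplification: default to "/" when no Path attribute is given
    for (const attr of attrs) {
      const [k, v] = attr.split('=');
      if (k.toLowerCase() === 'path' && v && v.startsWith('/')) path = v;
    }
    this.cookies.set(`${name}|${hostname}|${path}`, { name, value, hostname, path });
  }

  // Build the Cookie header a browser would attach to a request for `url`.
  headerFor(url) {
    const { hostname, pathname } = new URL(url);
    return [...this.cookies.values()]
      .filter((c) => c.hostname === hostname && pathMatches(pathname, c.path))
      .map((c) => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// RFC 6265 path-match: equal, or cookie path is a prefix ending at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Constructed sample: the session cookie is issued by the app on port 3000.
function demo() {
  const jar = new CookieJar();
  jar.store('http://localhost:3000/login', 'connect.sid=s%3Aconstructed-id; Path=/; HttpOnly');
  return {
    samePort: jar.headerFor('http://localhost:3000/profile'),
    otherPort: jar.headerFor('http://localhost:3001/profile'), // same host, cookie is sent
    otherHost: jar.headerFor('http://127.0.0.1:3001/profile'), // different host, no cookie
  };
}
```

`demo()` shows why moving one app to `127.0.0.1` separated the sessions: the host changed, whereas changing only the port leaves the cookie in scope.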

0 Answers