Subdomain in React JS

Question

I am working on a MERN app that requires dynamic subdomains for each company (e.g. companyname.localhost). To achieve this, I have added the line

DANGEROUSLY_DISABLE_HOST_CHECK=true 

in my .env file.

When a user logs in at localhost:3000, cookies are created and the user is authenticated. If the user is registered with a specific company, they should be redirected to companyname.localhost while remaining logged in. However, upon redirecting to the subdomain, all cookies that were created on localhost are lost and the user is redirected to the login page again. I expected the cookies to persist on the subdomain and enable the user to remain logged in. Can someone please assist me with this issue? Thank you.

Answer 1

It's not safe to disable host checking as it can make your app vulnerable to DNS Rebinding attacks. Instead, you should configure a proxy server to handle your subdomains.

Regarding the issue with cookies being lost after the redirect, this is because cookies are domain-specific. If a cookie is set for localhost, it can only be accessed on localhost. Similarly, a cookie set for a specific subdomain can only be accessed on that subdomain.

To make your cookies accessible on subdomains, you need to set the domain property of the cookie to the parent domain. In your case, you should set the domain property to ".localhost" instead of "localhost".

For example, when setting a cookie using JavaScript, you can set the domain property like this:

document.cookie = "mycookie=test; domain=.localhost; path=/";

This will make the cookie accessible on all subdomains of localhost, including companyname.localhost.

I hope this helps you resolve your issue.