rp
04/30/2021, 12:19 PMorigin
list should contain https://offscript.io
and https://my.offscript.io
. Also make sure that you have set credentials: true
- Making sure that the webapp is querying https://offscript.io/api/*
as opposed to /api/*
- so that requests from https://my.offscript.io
go to https://offscript.io/api/*
(since the session cookies are attached to https://offscript.io
.
- setting websiteDomain
to be https://offscript.io
always.
- Adding sessionScope
to be .offscript.io
in the backend config for Session.init
- Not using functions like getserversideprops
that do session auth when the domain is my.offscript.io
- cause session cookies won't be sent to https://my.offscript.io
, since they are attached to https://offscript.io