https://supertokens.com/ logo
Join Discord
Powered by
hello, I had some question regarding session shari...
# support-questions-legacy
a
hello, I had some question regarding session sharing across subdomains. At the moment im deploying on running on localhost. I have the main domain localhost:3000/ and a subdomain blog.localhost:3000/. The problem im coming across is that when i access the subdomain it redircts me to the login page to login and even if i do login it redirects me back to the login page. The session returns unauthorized. I looked into session sharing and the sessionTokenFrontendDomain i set to ".localhost" but in the caution section of the documentation it says I should not set it to localhost. I instead have indeed declared on my /etc/hosts file the subdomain for blog.localhost. However the problem persists. Am i missing a step? Also do i keep the sessionTokenFrontendDomain with the mention in the hosts file or i remove it?
r
hey @abyssalhaze try editing the /etc/host file to something like example.com and blog.example.com (or your actual domain), and setting the sessionTokenFrontendDomain to 
.example.com
. browsers don't really respect 
.localhost
as a cookie domain
a
So in that case i would need to change how the server works since at the moment everything runs on localhost. So i would need to change it to a sample domain configuration and have itt server through that for it to make it work with super tokens?
r
this is more about the frontend., You can make the example.com domain point to localhost in /etc/hosts file.
a
ah I see what you mean now, ill give it a try
Its not working with blog.example.com either It keeps redirecting me to the login page and giving unauthorized error I placed the .example.com in the sessionToken
r
it will redirect you to whatever your websiteDomain value is set to
so if you want the login UI to show on the sub domain and the main domain, set the websiteDomain to window.location or something like that
a
No what im saying is its forcing the redirect, its not recognizing the session.
Even if u do login it loops me back as if i didnt login
r
can you send a screenshot of the cookie store?
a
One moment
r
and whats the url you are currently on?
a
blog.example.com
r
right. so it seems that you have not logged in. Can you clear all the cookies shown above, and try logging in again, and then show me the cookie store?
a
r
right. And now does it do the redirection too?
a
well after i go to blog.example.com afterwards it redircts me back and the cookies are cleared
r
im not sure what your setup is. So its hard to debug
the cookies being cleared is not something that we do automatically
a
so it seems the cookies are propelry being set but its just being cleared osmehow
r
what are the network requests? Can you enable backend and frontend debug logs and show us the output starting from a fresh, clear cookies?
also, i don't quite know how you have two sRefreshToken cookies. DId you change the apiBasePath?
a
Apparently there was an issue with how the tokens were being saved, there was a request that was being sent (which was being unauthorized because it wasnt picking up the token being sent) I had to entirely change the frontend deployment to map to another domain from localhost and then have that serve an https server. I had to create a self assigned ssl for that. It managed to work in the end now the blog.website.com:3000/ and website.com:3000 were sharing the session details Though I still had one problem which was that since im using next ( i assume its cause of that) when i visit blog.website.com:3000 (which I made it so to rewrites the url to blog.website.com:3000/blog) would initally show the blog page as intended (and even load the session details) but it would then redirect back to the index page which is the login page. I circumevented the problem to just have the subdomain url be blog.website.com:3000/posts
8 Views
PreviousNext
Powered by