https://supertokens.com/ logo
Join Discord
Powered by
Hi, I'm using multi tenants and wanted to share t...
# support-questions-legacy
z
Hi, I'm using multi tenants and wanted to share the session accros sub domains. So i referred here; https://supertokens.com/docs/emailpassword/common-customizations/sessions/share-sessions-across-sub-domains But the example there uses the prebuilt UI (
supertokens-auth-react
), and i'm using my custom UI (
supertokens-web-js
) How can i accomplish sharing session across domains with the custom UI? Thank you
In addition, Using the 
supertokens-web-js/recipe/session
, I tried to add this,
Copy code
js
Session.init({
        sessionTokenFrontendDomain: ".mydomain.localdev"
      })
And i was logging the user in at 
mydomain.localdev
and then redirecting to 
tenantId.mydomain.localdev
but supertokens was returning 401 unauthorised, meaning the user is not logged in.
r
the setting is right. Are you using header based auth or cookie based auth?
z
ı am not sure ı am using the session recipe
r
well, you are doing session.init, so you must be
b
We're just using the Super Tokens' Session recipe. I'm not sure if we're able to choose which way SuperTokens operates (Header/Cookie based)
While looking at this; https://supertokens.com/docs/thirdparty/custom-ui/handling-session-tokens Since we're using 
supertokens-web-js/recipe/session
And in the doc it says; 
By default, our web SDKs use cookies to provide credentials.
So we must be using cookies because we didn't configure anything to be otherwise.
r
Right. So you get a 401 when making an api call right?
If so, can you enable backend debug logs and show the output when you call the api?
z
When I log in with 
mydomain.localdev
, everything comes up without any problems. then when I redirect to 
tenantId.mydomain.localdev
, these logs come to this output.
r
right. So no access token being sent to the backend. Is the api domain the same for both the sub domains?
z
yes
My init configuration is like this.
r
can i see the API request headers for the API that returns a 401?
z
"zafer" is my subdomain and the part with the sensor is my domain
r
whats the api domain here?
b
its mydomain.localdev
of course we're censoring the actual company name
r
and whats the api domain of your sign inapi?
b
same
we're doing reverse proxy, let me explain
r
can you send over a HAR file
containing the sign in api + this API that fails?
z
The 
zafer.mydomain.localdev.har
file is the failed API call, whereas the 
mydomain.localdev.har
file is the har file of the sign in method.
zafer-mydomain-localdevmydomain-localdev
r
right. Whats the value of cookieDomain on the backend in session.init? Have you set anything for it?
z
I haven't done anything.
r
right. You might want to set the cookieDomain to 
.mydomain.localdev
on the backend. Logout and login again
z
cookieDomain := ".mydomain.localdev"
variable and included it in session.init. After logging in, I started to get 401 unauthorised error when I was at 
mydomain.localdev
without subdomain. Then the session deletes itself and I am redirected to the login page. I also sent the har files if you want to review them
signin-method-mydomain-localdevmydomain-localdev
r
the cookieDomain is still set to 
mydomain.localdev
and not 
.mydomain.localdev
enable backend debug logs and show me the ouput for when you call the supertokens.inti function?
z
I think you want these logs.
r
whats the value of cookieDomain that it's logging out? That needs to be set to 
.mydomain.localdev
z
I'm defining the variable in this way, and when I print the variable to the console myself, it prints as 
.mydomain.localdev
. However, the value of cookiedomain comes as 
mydomain.localdev
, and I don't know why it's happening."
but
okay i just tested it again and it worked. but fyi, in the logs it still prints without the preceding dot
thank you for everything
r
hmm. Thats interesting. Could you open an issue about it? We will fix the logs.
z
Okey I will open issue
6 Views
PreviousNext
Powered by