a
Question - Is there a way to use multiple cookie domains on one port? The use case we have is the same API server, but we have 2 frontend services on different domains.
r
hey @anujchhabria you can. Just don't set any value for cookieDomain on the backend. Also, if the api domain is totally different than the website domain, then it won't work on safari
a
Would that work on safari?
r
not really.
for safari, you would need to create an api domain that would have the same top domain as the website domain and then use that to proxy requests to your main api
a
yep so the best solution is to set up a reverse proxy
r
yes
well, you could just do a DNS change and create a CNAME that points one domain to another
don't actually have to make a reverse proxy
a
@rp_st Have set up the CNAME as you suggested
r
cool!
a
However, I get a 440 on the user or refresh api immediately after signing up / logging in 😅
Also - if i change the cookie domain to blank even my original api domain stops working
I'm a bit confused on how and if we can solve this or not
the cookie is getting deleted on the browser - i am assuming that's happening because the domain being returned is the original domain api domain
r
can i see the response headers of when you call sign in?
And the request header on the user API post sign in
a
sure
r
whats the URL of the api you are querying for the user API?
a
same as the login api - https://api.classcard.app/
r
are the cookies in the cookie store on the browser?
a
they get stored after login and then deleted as soon as the user api is caled
called*
r
can i see the request headers and the response of that user API?
a
sure
response from user api
request header i have shared on top
r
right. So this is deleting the cookies as you can see.
whats the status code response? And whats the request headers?
a
yes, i figured it's deleting
response code for the user api?
440
request header
r
Are you setting the credentials setting when making a request to false?
a
sorry, i didnt fully understand the question
r
how are you making the API call? Can i see the code?
a
@abhisheksinghkapoor can you share the api call here
a
Yeah
r
a
It says
Cookie “sAccessToken” has been rejected for invalid domain.
r
are you setting the domain on the backend explicitly?
a
we are setting it on supertokens core
in the config.yaml file
r
right to what value?
a
api.classcardapp.com
If i leave that as a blank string it does not work for the original tld as well which is api.classcardapp.co
r
can you comment that config out and see what happens?
a
it fails to start supertokens
since that is required
r
hmm. Seems like a stuck state
What you can do is to add a middleware in laravel which overwrites the cookies being sent in the response to set the domain to the right value. So in the core setting, you can change the cookieDomain back to what it used to be.
a
hmm
okay let me try
@rp_st
class SupertokensDomainMiddleware
{
    public function handle(Request $request, Closure $next)
    {

        $sAccessToken = $request->cookie('sAccessToken');
        $sIdRefreshToken = $request->cookie('sIdRefreshToken');

        return $next($request)
        ->withCookie(cookie('sAccessToken', $sAccessToken), time() + (86400 * 30), '/', 'api.classcardapp.com')
        ->withCookie(cookie('sIdRefreshToken', $sIdRefreshToken), time() + (86400 * 30), '/', 'api.classcardapp.com');
    }
}
r
yea.. and also the sRefreshToken
and you want to run this middleware for all API requests
if the response has the sAccessToken set, you want to modify it to have the right domain
same goes for the other 2 cookies
a
seems like the domain is not being replaced
r
im not sure i understand what you are doing
you are supposed to read the response cookies and modify its domain
not the request cookies
a
Let me relay this message to the team