I have a single node server that responds to requests and redirects a user based on host headers. The usage is that the static/home site lives at www and each user has their own sub domain (i.e. www.example.com and site.example.com). The routing is as per site.js.
When the user is not logged in they are redirected to login.
I am discovering that the session is not maintained when the user is redirected to their sub domain. I guess this is expected, but I am wondering if there is a way to maintain the same session across both sub domains.
I was hoping that if they were logged in and returned to www.example.com they would see a different view that included a link to logout / their dashboard, etc. My workaround at the moment, I'm thinking, is to just create the session on their subdomain and if they do return to www it will just be as if they are not logged in.
Anyone dealt with this before or have answers on how to handle sessions in this manner?
I think the issue may be in users.js where I redirect to 'http://site.example.com' as its not a relative path...
Here is the relevant code (the user lookup is done using MongoDB and I've left it out as its working fine - the line that calls this service is users.authenticate)...
server.js:
app.configure ->
app.set "views", "#{__dirname}/views"
app.set "view engine", "jade"
app.use express.bodyParser()
app.use express.methodOverride()
app.use express.cookieParser()
app.use express.session {
key: "KEY",
secret: "SECRET",
store: new MemoryStore(),
cookie: {
domain: 'example.com',
maxAge : 1000*60*60*24*30*12
}
}
app.use express.static "#{__dirname}/public"
app.use express.logger "short"
app.use express.favicon "#{__dirname}/public/img/favicon.ico"
app.use app.router
site.js:
module.exports = (app) ->
app.get '/', (req, res) ->
console.log "/ hit with #{req.url} from #{req.headers.host}"
domains = req.headers.host.split "."
org = if domains then domains[0] else "www"
if org == "www"
res.render "index", { layout: null }
else
if req.session.user
console.log "session established"
res.render "app", { layout: null }
else
console.log "no session"
res.redirect "http://www.example.com/accounts/login"
users.js:
users = require('../services/users')
module.exports = (app) ->
app.get "/accounts/login", (req, res) ->
res.render "login", { layout: null, locals: { returnUrl: req.query.returnUrl } }
app.post "/accounts", (req, res) ->
users.authenticate app, req.body.login, req.body.password, (user) ->
if user
req.session.user = user
res.redirect "http://#{user.orgName}.example.com"
else
res.render "login", { layout: null, locals: { returnUrl: req.body.url } }
app.get "/accounts/logout", (req, res) ->
console.log "deleting user from session"
delete req.session.user
res.redirect "http://www.example.com
To test it locally on OSX, I have added www.example.com and site.example.com in to my hosts file so that the DNS lookups get handled locally.
$.ajaxSetup
to addwithCredentials: true
to every request – Gustatory