Cookie not accessible in subdomain in nextjs #38

Open
smartbite-tech opened this issue Feb 15, 2023 · 6 comments

@smartbite-tech

Hi, I am facing a problem setting and getting cookies across subdomains. Let me explain my scenario. We have a domain and two subdomains like localhost.com:3000 & admin.localhost:3000, api.localhost:3000 (it's on a single nextjs server, I just rewrite the URL).
I am trying to set a cookie from admin.localhost:3000 but from the api.localhost.com:3000 API endpoint; the response header has the set-cookie key but it's not set in the browser. You can check the screenshot.
image

Here is the response & request header:
image

No cookie set
image

Once I changed the API endpoint to admin.localhost.com:3000 the cookie is working fine, but this is not my case. I need to call all my requests from api.localhost.com:3000
image

Note: I also tried the sameSite key with none and lax, but it's not working. Need help on this. Thank you.

@Velik0ff

You need to set the domain option to the sub-domain. This allows cookies to be shared with the domain required.

@smartbite-tech
Author

> You need to set the domain option to the sub-domain. This allows cookies to be shared with the domain required.

@Velik0ff I already tried this.
image

@Velik0ff

Velik0ff commented Feb 23, 2023

> > You need to set the domain option to the sub-domain. This allows cookies to be shared with the domain required.
>
> @Velik0ff I already tried this. image

I do not know what domain is set in the environment variable; however, in order for my-site.example.com to have the same cookies as origin.example.com or example.com, the domain field needs to be set to the registered domain by eTLD+1, which, given the examples (my-site.example.com, origin.example.com), should be example.com (the main domain).

I can see that in your case you have used .localhost.com and you should remove the "." before the domain name.
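
The Domain-attribute rules discussed in this comment, as an added example that is not part of the original thread or the project's code. It models only how RFC 6265 scopes a cookie by host, using the thread's hostnames as constructed inputs; `PUBLIC_SUFFIXES`, `scopeCookie` and `sentTo` are hypothetical names, and other checks a browser applies (SameSite, Secure and so on) are not modelled.

```javascript
// Added example: Domain-attribute scoping per RFC 6265 (sections 5.1.3, 5.2.3, 5.3).
// PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com"]);

const isIp = (h) => /^[\d.]+$/.test(h) || h.includes(":");

// 5.1.3: a host domain-matches when it equals the cookie domain or is a
// subdomain of it (suffix match on a label boundary, never for IP addresses).
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  return h === d || (!isIp(h) && h.endsWith("." + d));
}

// How a user agent scopes a cookie that `requestHost` sets with `domainAttr`.
function scopeCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  if (!domainAttr) return { accepted: true, domain: host, hostOnly: true };
  const domain = domainAttr.toLowerCase().replace(/^\./, ""); // 5.2.3: leading dot is ignored
  if (PUBLIC_SUFFIXES.has(domain)) {
    // 5.3 step 5: a public suffix is only usable as a host-only cookie for itself
    if (domain !== host) return { accepted: false, reason: "public suffix" };
    return { accepted: true, domain: host, hostOnly: true };
  }
  if (!domainMatch(host, domain)) {
    return { accepted: false, reason: "request host is outside Domain" };
  }
  return { accepted: true, domain, hostOnly: false };
}

// Whether a stored cookie is attached to a request for `targetHost`.
function sentTo(cookie, targetHost) {
  if (!cookie.accepted) return false;
  const t = targetHost.toLowerCase();
  return cookie.hostOnly ? t === cookie.domain : domainMatch(t, cookie.domain);
}

// Constructed cases using the hostnames from this thread.
const cases = [undefined, ".localhost.com", "localhost.com", "admin.localhost.com", "com"];
for (const attr of cases) {
  const c = scopeCookie("api.localhost.com", attr);
  console.log(attr ?? "(no Domain)", c, "-> admin:", sentTo(c, "admin.localhost.com"));
}
```

Leaving Domain unset yields a host-only cookie, which is the narrowest scope; setting it to the registrable domain exposes the cookie to every subdomain under it.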

@smartbite-tech
Author

I tried it by removing the . before localhost.com but no luck. As I said in the question, if I am requesting to save a cookie at api.localhost.com from admin.localhost.com, meaning my requested subdomain is different from the origin subdomain.
Note: If I change my requested subdomain to be the same as the origin subdomain (admin.localhost.com), the cookie is working.

@Velik0ff

I just saw that your requests are made with :3000 whilst you are specifying the domain to contain localhost.com. If working on different ports, this would be considered cross-site cookies, thus sameSite field has to be none.

However, this is a big security issue that you introduce and I would advise on doing it only in isolated development environments.

@sandrinjoy

> localhost.com

Bro, what is localhost.com? Do you own this domain?
