1

I have two Kraken JS applications running with connect-mongo as middleware for session storage, on two subdomains like one.example.com and two.example.com. Both are protected by user login.

How could I implement an SSO feature for my apps? Maybe setting the session cookie domain to example.com instead of the subdomain?

Stennie
maephisto
  • That would seem a valid thing to try. Have you? Most SSO principles are usually about distinct domains with an authentication service to manage it. Cookies should be valid for a base domain unless specified explicitly otherwise. – Neil Lunn Jan 07 '15 at 10:41

1 Answer

0

The solution was indeed to set the cookie domain to ".example.com" in the configs of both apps.

In the configuration file, at

"middleware" -> "session" -> "module" -> "arguments" -> "cookie"

I added

"domain": ".example.com"
maephisto
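As an added example (not code from the question or the answer), the check below reads the cookie settings at the config path named in the answer and reports why two apps would not share a session. Assumptions: "arguments" is an array whose first element is the express-session options object, both apps already point at the same connect-mongo store, and the secret value and helper names are constructed placeholders.

```javascript
// Added example, not code from the question or the answer.
// Assumed config shape: the path named in the answer, with "arguments" as an
// array whose first element is the session options object.
function sessionOptions(config) {
  const args = config.middleware.session.module.arguments;
  return (Array.isArray(args) ? args[0] : args) || {};
}

// RFC 6265 domain matching: a leading dot is ignored; the host must equal the
// cookie domain or be a subdomain of it. No domain means a host-only cookie.
function domainCovers(cookieDomain, host) {
  if (!cookieDomain) return false;
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// express-session reads the cookie name from "name" (older releases: "key").
const cookieName = (o) => o.name || o.key || 'connect.sid';

// Returns the reasons the given apps would NOT end up sharing one session.
function checkSharedSession(apps) {
  const problems = [];
  const opts = apps.map((a) => sessionOptions(a.config));
  apps.forEach((app, i) => {
    const domain = (opts[i].cookie || {}).domain;
    for (const other of apps) {
      if (other !== app && !domainCovers(domain, other.host)) {
        problems.push(`${app.host}: cookie domain "${domain}" does not reach ${other.host}`);
      }
    }
    // The session ID cookie is signed with "secret"; a different secret on
    // the other app fails verification and a fresh session is issued.
    if (opts[i].secret !== opts[0].secret) problems.push(`${app.host}: secret differs`);
    if (cookieName(opts[i]) !== cookieName(opts[0])) problems.push(`${app.host}: cookie name differs`);
  });
  return problems;
}

// Constructed sample configs (placeholder secret, hosts from the question).
const makeConfig = (cookie, secret) => ({
  middleware: { session: { module: { arguments: [{ secret, cookie }] } } },
});
const fixed = [
  { host: 'one.example.com', config: makeConfig({ domain: '.example.com' }, 'PLACEHOLDER') },
  { host: 'two.example.com', config: makeConfig({ domain: '.example.com' }, 'PLACEHOLDER') },
];
console.log(checkSharedSession(fixed)); // []
```

A cookie scoped to ".example.com" is sent to every host under example.com, not only to these two apps.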