Allow next auth cookies and session on sub domains
Unanswered
Spectacled bear posted this in #help-forum
Spectacled bear (OP)
Hi, I'm implementing sub domain architecture in a Next.js app. Initially I was getting an error of invalid redirect_uri, so what I did was to redirect to the main domain for the login and redirect back to the sub domain again after successful login. I'm facing one issue where I'm signed in on the main domain, i.e. the root domain, but the session is not getting shared on the sub domain.
Cookie code for sub domain
```js
cookies: {
  sessionToken: {
    name: `${nextAuthUrl.startsWith('https://') ? '__Secure-' : ''}next-auth.session-token`,
    options: {
      domain:
        nextAuthUrl === 'http://localhost:3000'
          ? '.localhost'
          : '.' + new URL(nextAuthUrl).hostname, // support all subdomains
      httpOnly: true,
      sameSite: 'lax',
      path: '/',
      secure: nextAuthUrl.startsWith('https://'),
    },
  },
},
```
15 Replies
Spectacled bear (OP)
Anyone?
Firstly, bumps are allowed once a day, this is free help. Second, can you provide the code in which you set the cookies?
Or is this done directly within next auth through some sort of abstraction?
```js
cookies: {
  sessionToken: {
    name: 'next-auth.session-token',
    options: {
      httpOnly: true,
      secure: true,
      sameSite: 'lax',
      path: '/',
      domain: '.yourdomain.com' // Set the domain to the base domain
    }
  }
}
```
As you can see here it should just be set as `.yourdomain.com`. I can't tell what your variables are set to in your example.
Spectacled bear (OP)
This is the code I'm using for setting cookies.
I'm trying to test on localhost. I'm able to sign in on the root domain but the session is not getting shared with the subdomain.
```js
cookies: {
  sessionToken: {
    name: `${nextAuthUrl.startsWith('https://') ? '__Secure-' : ''}next-auth.session-token`,
    options: {
      domain:
        nextAuthUrl === 'http://localhost:3000/'
          ? '.localhost'
          : '.' + new URL(nextAuthUrl).hostname, // support all subdomains
      httpOnly: true,
      sameSite: 'lax',
      path: '/',
      secure: nextAuthUrl.startsWith('https://'),
    },
  },
},
```
Localhost changes things... and you aren't able to mark it as 'secure' because it's localhost.
You will have to do some trickery to get it all to work in localhost properly.
`secure` will have to be false or omitted
in addition to...
1. Modify Your Hosts File
Location:
`C:\Windows\System32\drivers\etc\hosts`
2. Add Entries:
```
127.0.0.1 yourdomain.local
127.0.0.1 subdomain1.yourdomain.local
127.0.0.1 subdomain2.yourdomain.local
```
Replace yourdomain.local and subdomain1.yourdomain.local, subdomain2.yourdomain.local with your desired domain and subdomains.
That's assuming your entire environment is being tested locally. If you're trying to test with localhost but also with a live site hosted somewhere else, it turns into a whole other cluster f
Spectacled bear (OP)
OK, will try on a hosted env. But is this the best approach? Can't we do something for the invalid redirect URI that comes up when we try to initiate the login process on a sub domain, provided the redirect URIs are registered for the root domain only?
Yes you can add the domains to your nextjs config
I think... lol one sec looking
I think this would fix that, I can't remember. I've seen the issue once before but can't remember exactly.
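
How the `domain` option discussed in this thread decides which hosts get the session cookie, as an added example that is not code from any poster or from NextAuth: it applies RFC 6265 domain matching to constructed hosts taken from the hosts-file entries above. `domainMatches`, `sessionCookie`, `cookieSentTo` and `recipients` are hypothetical helpers, and the public-suffix checks browsers also apply are not modelled.

```javascript
// Added example. Helper names are hypothetical; they are not NextAuth APIs.
// RFC 6265 section 5.1.3: does a request host domain-match a cookie Domain?
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Session cookie settings in the shape of the thread's config. The parent domain
// is passed explicitly so the scope does not depend on which host the URL names.
function sessionCookie(baseUrl, parentDomain) {
  const url = new URL(baseUrl);
  const https = url.protocol === 'https:';
  if (parentDomain !== undefined && !domainMatches(url.hostname, parentDomain)) {
    throw new Error(`${url.hostname} is outside ${parentDomain}; browsers ignore such a cookie`);
  }
  return {
    setBy: url.hostname, // host that sends Set-Cookie (bookkeeping for this example)
    name: `${https ? '__Secure-' : ''}next-auth.session-token`, // prefix requires Secure
    options: { domain: parentDomain, httpOnly: true, sameSite: 'lax', path: '/', secure: https },
  };
}

// No Domain attribute => host-only cookie, returned only to the exact host that set it.
function cookieSentTo(cookie, requestHost) {
  const { domain } = cookie.options;
  if (domain === undefined) return requestHost.toLowerCase() === cookie.setBy;
  return domainMatches(requestHost, domain);
}

// Constructed hosts, matching the hosts-file entries suggested in the thread.
const HOSTS = ['yourdomain.local', 'subdomain1.yourdomain.local',
  'subdomain2.yourdomain.local', 'otherdomain.local'];
const recipients = (cookie) => HOSTS.filter((h) => cookieSentTo(cookie, h));

const hostOnly = sessionCookie('http://yourdomain.local:3000');
const shared = sessionCookie('http://yourdomain.local:3000', '.yourdomain.local');
// Domain derived from a subdomain URL, as '.' + new URL(nextAuthUrl).hostname would give
const subScoped = sessionCookie('http://subdomain1.yourdomain.local:3000',
  '.subdomain1.yourdomain.local');

console.log('host-only :', recipients(hostOnly));
console.log('shared    :', recipients(shared));
console.log('sub-scoped:', recipients(subScoped));
```

A cookie scoped to the parent domain is sent to every subdomain, so each of those hosts handles the session token and needs the same level of trust as the root.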