I create the passport session on sub.domain.com. I want to use this session on domain.com.
I tried setting session-cookie, like so:
app.use(
session({
cookie: {
path: '/',
domain: 'domain.com' // also tried '.domain.com'
The cookie that passport created always has sub.domain.com, and seems to ignore the above code all together. What am I doing wrong?
The answer was to put the domain outside the cookie block:
app.use(
session({
domain: '.domain.com' //!important
cookie: {
path: '/',
domain: '.domain.com'