I am trying to refactor existing express/angular app. The app is one codebase and I would like separate it into 2 parts: nginx that serves the angular app and node.js for the API (consumed by the angular). I setup nginx in front of both apps to act as reverse proxy so I can run both apps on my laptop. The problem I have is after login (I use local strategy with passport) further requests don't have a cookie in them. I made sure to have 'domain' in the express-session middleware but it didn't solve the issue. app.use(session({secret: 'sBio', cookie: {maxAge: 4320000, domain: '.my-site.com'}, resave:false, saveUninitialized:false})); Here is the relevant section in my server.js:
var express = require('express'); var favicon = require('serve-favicon'); var logger = require('morgan'); // var cookieParser = require('cookie-parser') var bodyParser = require('body-parser'); var session = require('express-session'); var allowCrossDomain = require('./allow_cross_domain.js'); var app = express(); // middlewares app.use(logger('dev')); // app.use(cookieParser); app.use(bodyParser.json()); app.use(bodyParser.urlencoded({ extended: false })); app.use(session({secret: 'sBio', cookie: {maxAge: 4320000, domain: '.my-site.com'}, resave:false, saveUninitialized:false})); app.use(allowCrossDomain); // routes Here is an issue on passport's project about this: https://github.com/jaredhanson/passport/issues/125 Thanks! -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com. To post to this group, send email to nodejs@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/510030e5-13cf-4bba-8ee1-56234d4bb720%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.