LeoDiep commented on issue #23295: URL: https://github.com/apache/superset/issues/23295#issuecomment-1668999200
> I found the solution to this issue . Actually session in superset is managed using cookies. So, session cookie must be sent automatically in any API request through request headers. Also, cookies are automatically sent to subdomains on a domain(TLD). So, following are two solutions. You can choose either. > > 1. set `SESSION_COOKIE_DOMAIN = 'mydomain.com' ` in superset_config.py > This should take care of setting cookie in every request header and hence authorization will be done. > 2. Other solution is to create domain shards which should be subdomains of main domain like below. > `SUPERSET_WEBSERVER_DOMAINS=['dashboards.mydomain.com','1.dashboards.mydomain.com','2.dashboards.mydomain.com','3.dashboards.mydomain.com']` > > Note: Please delete all the session cookies for your superset top level domain and subdomains intially so that previously session cookies don't change the desired behaviour. Hi, thank you for your suggestion. It helps me logging to subdomains just fine. But I got another problem, please help me take a look at this. Thank you a lot for your support  The config I set up in superset_config.py as: ENABLE_CORS = True CORS_OPTIONS = { 'supports_credentials': True, 'allow_headers': '*', "expose_headers": "*", 'resources': '*', 'origins': ['dashboard.***.com'] } SUPERSET_WEBSERVER_DOMAINS = ['dashboard.***.com','1.dashboard.***.com','2.dashboard***.com','3.dashboard.***.com'] SESSION_COOKIE_DOMAIN = 'dashboard.***.com' -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
