We have multiple subdomains for this app, like: DOMAIN.com, admin.DOMAIN.com, api.DOMAIN.com
Here is the middleware:
github.com/coretabs/dorm-portal/bl...
Right before serving any request, it writes the same sessionid with CSRF token across multiple domains (pre-defined in an env var), so that you get logged in once and for all.
Yep subdomains (been edited, thx)... and no, it won't be enough 😁
I don't remember what was the problem I ran into after using the main domain trick (adding a dot).
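Added example, not part of the thread and not the linked project's code: a simplified model of RFC 6265 cookie scoping, showing which hosts receive a session cookie depending on the `Domain` attribute and the host that set it. The host names are constructed placeholders, and public-suffix and IP-address handling are left out.

```python
# Simplified RFC 6265 model of where a browser stores and sends a cookie.
# Assumptions: constructed host names, no public-suffix list, no IP addresses.

HOSTS = ["example.com", "admin.example.com", "api.example.com", "blog.example.com"]


def normalize(domain):
    """Lowercase and drop one leading dot (RFC 6265 5.2.3 ignores it)."""
    domain = domain.strip().lower()
    return domain[1:] if domain.startswith(".") else domain


def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: identical, or host is a subdomain of cookie_domain."""
    host, cookie_domain = host.lower(), normalize(cookie_domain)
    return host == cookie_domain or host.endswith("." + cookie_domain)


def store_cookie(request_host, domain_attr=None):
    """Return (domain, host_only) as stored, or None if the browser rejects it."""
    if not domain_attr:
        # No Domain attribute: host-only cookie, bound to the exact host.
        return (request_host.lower(), True)
    if not domain_match(request_host, domain_attr):
        # A host may only set cookies for itself or one of its parent domains.
        return None
    return (normalize(domain_attr), False)


def sent_to(stored, host):
    """Would the stored cookie be attached to a request for this host?"""
    if stored is None:
        return False
    domain, host_only = stored
    return host.lower() == domain if host_only else domain_match(host, domain)


def scope(request_host, domain_attr=None):
    """List the hosts in HOSTS that would receive the cookie."""
    stored = store_cookie(request_host, domain_attr)
    return [h for h in HOSTS if sent_to(stored, h)]


if __name__ == "__main__":
    for attr in (None, ".example.com", "example.com", "api.example.com"):
        print(f"set by admin.example.com, Domain={attr!r}: {scope('admin.example.com', attr)}")
```

A parent-domain cookie reaches every subdomain, including ones that never need the session, so each of those hosts becomes part of the session's trust boundary.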