Node.js cors req.headers.cookie?

Question

I have a node.js server that handles some stuff, it sits on port :9000, I built an authentication middleware to restrict some routes.

I am not able to get the cookie though, so I suspect it is because the req is coming from another place :3000 for example.

I am not trying to get the cookie express sets, I am trying to get a client side PHP cookie from the req

// using var req = http.IncomingMessage.prototype; req.authenticated = function(callback) { console.log(this.headers.cookie) }

So the question is how can I setup so that whenever :3000 makes a request to my node.js server :9000 the cookie is sent with the headers?

The browser stores a separate set of cookies for each origin. You can't (easily) do that. — SLaks
– SLaks, Commented Sep 1, 2015 at 2:11
You should put everything on one server. (or learn about SSO techniques) — SLaks
– SLaks, Commented Sep 1, 2015 at 2:13
We cant really do that, the core app is built on symfony, but I built a node server for real time chatting. — Michael Joseph Aubry
– Michael Joseph Aubry, Commented Sep 1, 2015 at 2:18

SLaks · Accepted Answer · 2015-09-01 02:24:23Z

You have a number of options:

You can put both servers behind a reverse proxy (such as nginx) and map different URLs from the same authority to different backends.
You could configure Apache (or whatever server your main site is hosted on) to forward some URLs to your Node server using mod_proxy (instructions)
You could host your Node server on a subdomain of the main server, and use the same port, then use domain-wildcard cookies
You could send the auth token explicitly as an HTTP header set by your client code (you'll need to send the raw auth token to the client accessible via JS; beware of XSS attacks)
You could have the main site send a signed request to a URL on the Node.js server to set an auth cookie on its authority (you'll need to do the same on logout, and to prevent CSRF, session fixing, and other attacks; learn about SSO techniques)

1 Answer 1