How can I allow a session to be valid for all subdomains?

[Travis Paul <Tr...@visPaul.me>]

How can I allow a session to be valid for all subdomains?

I have couchdb running on port 80 and I have some vhosts setup with
separate couchapps:

app1.domain.com =  /app1/_design/app1/_rewrite
app2.domain.com = /app2/_design/app2/_rewrite

and my rewrite.json for each app looks like:
[{
    "from": "",
    "to": "login.html"
}]

If I require that a user needs to login to use an app by setting database
readers, then they need to post their user/pass to
app.domain.com/_sessionbut they can't access the rewrite and they
can't login from another
subdomain because their session won't be valid.

If I could make sessions valid across all subdomains of domain.com I could
do something like:

app1.domain.com =  /app1/_design/app1/_rewrite
app2.domain.com = /app2/_design/app2/_rewrite
www.domain.com = /login/_design/login/login.html  <-- handles login and
redirection to the correct app based on user roles or some other mapping

Maybe I am going about this the wrong way but I really do not want to use a
reverse proxy or another webserver or application layer for my couchapps.

Re: How can I allow a session to be valid for all subdomains?

[CGS <cg...@gmail.com>]

Hi Travis,

It is hard to answer without knowing what you understand by "application
layer". If you consider that anything written in any
functional/programming/scripting/... language, then it's impossible.
Otherwise, you can try to get some help from JS AJAX. For example, you can
devise 1 common login (just few functions to your main login page or to any
login page) to propagate the user and the password through all subdomains
(considering they do have a common login for all subdomains). That's
because the cookies are stored for each subdomain individually, but you can
exchange information via AJAX from different subdomains without any problem
(from app1.domain.com you can access app2.domain.com/_session and from
app2.domain.com you can access app1.domain.com/_session, respectively,
because domain.com and port 80 match in both subdomains). For more info,
check how the login is done in Futon (that part with jQuery AJAX API).

I hope this idea will help.

CGS





On Sat, Feb 4, 2012 at 11:26 PM, Travis Paul <Tr...@vispaul.me> wrote:

> How can I allow a session to be valid for all subdomains?
>
> I have couchdb running on port 80 and I have some vhosts setup with
> separate couchapps:
>
> app1.domain.com =  /app1/_design/app1/_rewrite
> app2.domain.com = /app2/_design/app2/_rewrite
>
> and my rewrite.json for each app looks like:
> [{
>    "from": "",
>    "to": "login.html"
> }]
>
> If I require that a user needs to login to use an app by setting database
> readers, then they need to post their user/pass to
> app.domain.com/_sessionbut they can't access the rewrite and they
> can't login from another
> subdomain because their session won't be valid.
>
> If I could make sessions valid across all subdomains of domain.com I could
> do something like:
>
> app1.domain.com =  /app1/_design/app1/_rewrite
> app2.domain.com = /app2/_design/app2/_rewrite
> www.domain.com = /login/_design/login/login.html  <-- handles login and
> redirection to the correct app based on user roles or some other mapping
>
> Maybe I am going about this the wrong way but I really do not want to use a
> reverse proxy or another webserver or application layer for my couchapps.
>