How would I allow third party cookies in safari or create a workaround?
Question
I am trying to find a way to share a session cookie between my two sites. I am unsure if this is the best approach or if I should place these sites on the same domain or switch to a different approach.
I have two sites: adminCRM.com and customerSite.com . The admin site is based on a 1.5 Mean skeleton, using oauth and passport to generate session cookies that keep users logged in. Users are given admin and/or customer roles. customerSite.com has an iframe which calls a login api on adminCRM.com. customerSite then gets a session cookie from adminCRM's response header.
For the most part, this session cookie approach appears sufficient. The problem is that this approach does not work with safari and other browsers that deny third party cookies by default.
I have researched work-around and have yet to find a current, viable solution. However, I am very new to all of this and I feel like I may be tackling this the wrong way.
Is there a workaround to set third party cookies on safari? Should I abandon third party cookies and switch to a different approach? Any help is much appreciated.
2 answers
solution1
0 ACCPTED 2017-02-14 15:53:36
Update: Eliminated the 3rd party cookie Safari issue. Kept the domains separate.
I was not able to find a way to allow 3rd party cookies, but that would have been hackish anyway.
I ended up still keeping the domains separate and just switching from session cookies to JWT. I used mleanos meanstack feature: https://github.com/mleanos/mean/tree/feature/JWT-Auth-Lib
solution2
0 2018-10-17 13:55:19
By making one of the sites subdomain of the other, I think it is no longer considered third party by the browsers. Eg adminCRM.customerSite.com
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.