So if I understand it well, I think the third approach with a reverse proxy to paths may be enough to share the authentication in the domain (in the short term), like you have an API and get session token in the same application but it adds a ton of complexity.

Nevertheless, you may want to step ahead in your development and keep only one authentication. I don't know if you are using some OAuth authentication process or if it is just as simple as user and password, but in case you are using oauthv2 (you can set up your own server with passportjs, http://www.passportjs.org/), you can use Single Sign-On (SSO, https://auth0.com/docs/sso), and you redirect your user where the application lives (example: POST sso.example.com) to get a session JWT and redirect to the application so the cookie is set on the right domain. Also, if you need information about the user, you make a POST request to sso.example.com to get details of the logged user.

Note: be careful to encrypt the cookie and DO NOT send user information inside it, better to make another call to fetch the user's information.

Some useful links with other industry techniques:
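The cookie advice in the note above, as an added example that is not part of the original answer: the SSO service issues an encrypted cookie holding only a random session id, and user details come from a separate server-side lookup. It uses Node's built-in `crypto` rather than passportjs; the key handling, in-memory stores, `Domain=example.com` scope and all function names are assumptions.

```javascript
// Added example, not from the original answer. COOKIE_KEY, the Map stores and
// all function names are hypothetical; user data below is constructed.
const crypto = require('node:crypto');

const COOKIE_KEY = crypto.randomBytes(32); // assumption: in practice, a shared secret from a secret store
const sessions = new Map();                // sid -> { userId, exp }, kept server-side only
const users = new Map([['u-1001', { name: 'Constructed User', email: 'user@example.com' }]]);

// Encrypt and authenticate a small object with AES-256-GCM: iv | tag | ciphertext.
function seal(obj) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', COOKIE_KEY, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(obj), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64url');
}

// Returns the decrypted object, or null if the value was truncated or modified.
function unseal(token) {
  try {
    const raw = Buffer.from(token, 'base64url');
    if (raw.length < 29) return null;
    const d = crypto.createDecipheriv('aes-256-gcm', COOKIE_KEY, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return JSON.parse(Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8'));
  } catch {
    return null;
  }
}

// SSO side, after login: the cookie carries only a random session id and expiry.
function issueSessionCookie(userId, ttlSeconds = 3600) {
  const sid = crypto.randomBytes(32).toString('base64url');
  const exp = Date.now() + ttlSeconds * 1000;
  sessions.set(sid, { userId, exp });
  return `session=${seal({ sid, exp })}; Domain=example.com; Path=/; ` +
    `Max-Age=${ttlSeconds}; HttpOnly; Secure; SameSite=Lax`;
}

// The separate "details" call: user data is looked up server-side from the session id.
function getUserDetails(cookieHeader) {
  const m = /(?:^|;\s*)session=([A-Za-z0-9_-]+)/.exec(cookieHeader || '');
  const claims = m && unseal(m[1]);
  const s = claims && sessions.get(claims.sid);
  if (!s || s.exp < Date.now()) return null;
  return users.get(s.userId) || null;
}
```

`HttpOnly` keeps the value away from page scripts, `Secure` restricts it to HTTPS, and the GCM tag makes any modified cookie fail to decrypt instead of resolving to a session.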
