# talk-kratos
c
so, it's the weekend and it's back to my personal project / task / learning experience 😉 Something is bugging me - and I've just understood what it is. Cookies. 🍪 Kratos has to be in the same domain as the app, right? So if I have kratos running on auth.demo.my.co.uk and apps running on app1.demo.my.co.uk and app2.demo.my.co.uk, both app1 and app2 can access kratos? What if I have kratos running on auth.demo.my.co.uk and apps running on app1.live.my.co.uk and app2.live.my.co.uk, this should also work (domain is my.co.uk), right? What if I have kratos running on auth.demo.my.co.uk and apps running on app1.live.someother.co.uk and app2.live.someother.co.uk? Can these not use this kratos instance?
q
If you set your cookie domain for demo.my.co.uk then it will work for:
auth.demo.my.co.uk
project1.demo.my.co.uk
project2.demo.my.co.uk
It will not work for
api.project1.demo.my.co.uk
I solved this by putting my api on the same domain
f
it should work for api.project1.demo.my.co.uk as that is still a subdomain of demo.my.co.uk
c
wait just one darn second! It's just hit me what the "bugging" is 😉 ory-network is running on a domain completely different to my app - yet I can auth against that. So, given that kratos is the same version used on ory-network, how do they handle the different domains and cookies? I suspect that I've missed some large chunk of documentation somewhere ...
q
@full-morning-85490 I'd be ecstatic if I'm wrong, but I think since browsers started treating .domain.com the same as domain.com it's just not the case. As far as I know you can't propagate a cookie down past your first subdomain
f
hmm gimme 2 mins and I'll double check
yea just checked with a simple script, cookie works across all sub and sub-sub domains if you set the domain