#Express - Settings user's cookies cross-domain

i seeeee, so api.origin1 is setting cookies on site.origin2 so that site.origin2 clients can auth to the site.origin2 server? or are they authing to the api.origin1 server

The latter

okay I guess that makes more sense

but in that case shouldnt the domain be api.origin1

a request to api.origin1, no matter what origin u make it from, uses cookies from api.origin1 (as long as there aren't cors issues)

So the way I assume it's working

User starts auth flow on site.origin1 this flow ends with them being redirected to a route on api.origin1 where the cookies are set (?) and then redirected back to site.origin1 where the client checks the users cookies. If user has said cookies it makes a http request to api.origin1 to see that cookie value is valid

I could be wrong, I didn't dig too much into how express-sessions was doing it's thing, it sort of just worked lol

hmm ic

well if it works it works lol