Questions about cookies and sessions in cross-domain access

  node.js, question
// client.js
 import React, { Component } from "react"
 import fetch from "isomorphic-fetch"
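 /**
  * Demo component with two buttons that call the login and logout
  * endpoints of the API server on localhost:8888.
  *
  * The page and the API live on different origins, so the browser applies
  * CORS rules to both requests. Two fetch options decide whether the session
  * cookie survives:
  *   - mode "no-cors" yields an opaque response: the body cannot be read, so
  *     response.json() always rejects. "cors" is required to read the reply.
  *   - credentials defaults to not sending or storing cookies cross-origin;
  *     "include" is what lets the session cookie be stored and sent back.
  * The server must answer with Access-Control-Allow-Credentials: true and an
  * explicit (non-wildcard) Access-Control-Allow-Origin, otherwise the browser
  * blocks the response.
  */
 class App extends Component {
   constructor(props) {
     // A derived class has to call super() before it can touch `this`.
     super(props)
     this.handleLogin = this.handleLogin.bind(this)
     this.handleLogout = this.handleLogout.bind(this)
   }

   /**
    * POST the demo credentials to /user/login and log the parsed reply.
    * The credentials are the hard-coded sample values from the page.
    */
   handleLogin() {
     fetch(`http://localhost:8888/user/login`, {
       method: "POST",
       // A plain object body is coerced to the string "[object Object]";
       // serialise it and declare the type. A JSON content type makes the
       // browser send an OPTIONS preflight first.
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({ "username": "username", "password": "123456" }),
       mode: "cors",
       credentials: "include"
     })
       // NOTE(review): the routes shown in routers/user.js reply with plain
       // text, so json() rejects and the error is logged by catch().
       .then( response => response.json() )
       .then( json => console.log(json) )
       .catch( err => console.log(err) )
   }

   /**
    * POST to /user/logout with the session cookie attached and log the reply.
    */
   handleLogout() {
     fetch(`http://localhost:8888/user/logout`, {
       method: "POST",
       mode: "cors",
       // Without the cookie the server cannot tell which session to end.
       credentials: "include"
     })
       .then( response => response.json() )
       .then( json => console.log(json) )
       .catch( err => console.log(err) )
   }

   render() {
     return <div>
       <button onClick={this.handleLogin}>Login</button>
       <button onClick={this.handleLogout}>Logout</button>
     </div>
   }
 }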
 export default App
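 // Express server: Redis-backed sessions, the /user router, and the CORS
 // headers a browser needs before it will keep a session cookie on
 // cross-origin fetch calls.
 var express = require("express")
 var session = require("express-session")
 var redisStore = require("connect-redis")(session)
 var app = express()
 var user = require("./routers/user")

 // The single origin allowed to make credentialed requests. CLIENT_ORIGIN and
 // the fallback URL are placeholders constructed for this example; set them to
 // the origin that serves client.js. A wildcard "*" is rejected by browsers
 // when credentials are involved, and reflecting an arbitrary Origin header
 // would let any site use the visitor's session.
 var clientOrigin = process.env.CLIENT_ORIGIN || "http://localhost:3000"

 // Registered before the session middleware so that OPTIONS preflights are
 // answered without creating a session.
 app.use(function allowCredentialedCors(req, res, next) {
   res.set("Access-Control-Allow-Origin", clientOrigin)
   res.set("Access-Control-Allow-Credentials", "true")
   res.set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
   res.set("Access-Control-Allow-Headers", "Content-Type")
   if (req.method === "OPTIONS") {
     return res.sendStatus(204)
   }
   next()
 })

 // app.use(cookieParser())
 app.use(session({
   // The secret signs the session ID cookie. "tdx" is the demo value from the
   // page; supply a long random value through the environment (SESSION_SECRET
   // is a placeholder name) and keep it out of source control.
   secret: process.env.SESSION_SECRET || "tdx",
   name: "app",
   store: new redisStore({
     // Redis host is blank on the page; fill in the real host.
     host: "",
     port: "6379"
   })
   // cookie: { maxAge: 80000 }
   // When the client is on a different site (not just a different port),
   // the cookie also needs sameSite: "none" and secure: true, which in turn
   // requires HTTPS.
 }))

 app.use("/user", user)

 app.listen("8888", function() {
   console.log("server start at: localhost:8888")
 })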
 // routers/user.js
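 // Router mounted at /user: logs each request, then serves the login and
 // logout placeholders.
 var express = require("express")
 var router = express.Router()

 // Log a timestamp for every request reaching this router. The call was cut
 // off on the page; Date.now() and next() are reconstructed. Without next()
 // the request would never reach the handlers below.
 router.use(function timeLog(req, res, next) {
   console.log("Time: ", Date.now())
   next()
 })

 // router.use("/", function(req,res) {
 //     res.send("user home page")
 // })

 // router.use() matches every HTTP method and every path under the prefix;
 // once these handlers change state, router.post() narrows them to the POST
 // requests the client sends.
 // NOTE(review): no session data is written here yet. When real
 // authentication is added, call req.session.regenerate() before storing the
 // user identity so a session ID issued before login is not reused.
 router.use("/login", function(req, res) {
   res.send("user login page")
 })

 // NOTE(review): a real logout should call req.session.destroy() so the
 // server-side session in Redis is removed, not just the cookie.
 router.use("/logout", function(req, res) {
   res.send("user logout page")
 })

 module.exports = router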

When the logic of client.js is placed in a local HTML page and that page calls the server, a different session is returned every time. From what I found online, the session and cookie are lost on cross-domain requests, so the server finds no session and generates a new one.

However, my application is split into a local client and a web client, and user information is stored in the session, so with this behaviour it will not work. Is there a solution?

  1. Is there anything wrong with having the local client and the web client share this server-side processing logic?

  2. The fetch method in isomorphic-fetch handles cross-domain data fetching better than Ajax, so how can the loss of the cookie and session be solved?

That’s all for now, looking forward to answering @Cam.

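The mature solution to this is SSO (single sign-on). Cross-domain access is controlled by the browser, so different domain names cannot share a cookie, and therefore cannot share a session. SSO solves this by issuing an independent identity cookie under each domain name through single sign-on and then sharing one identity on the server side. This is how Sina shares identities between its different domain names. For the simpler case in the question, where one backend is called from a page on another origin, the browser keeps and sends the session cookie only if fetch is called with `credentials: "include"` and the server replies with `Access-Control-Allow-Credentials: true` and an explicit, non-wildcard `Access-Control-Allow-Origin`.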