I am using Passport.js, Express and Mongoose to make an API. When I test it on the same domain it maintains the session and works fine. But cross-domain it fails. Any clue how can
Allow the credentials to be shared by setting the Access-Control-Allow-Credentials header. (I am not sure why you have commented it out in your code.)
res.header("Access-Control-Allow-Credentials", "true");
Then pass the credentials from JavaScript through the XHR object.
xhr.withCredentials = true;
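
An added example, not part of the original answer: the server side of a credentialed cross-origin request, written as Express-style middleware. The origin https://app.example.com and the names corsWithCredentials, simulate, ALLOWED_ORIGINS and SESSION_COOKIE are assumptions made for illustration. It shows the two things the header alone does not cover: the allowed origin must be an exact allow-listed value rather than "*", and the session cookie must be marked SameSite=None and Secure to be sent cross-site.

```javascript
// Constructed placeholder origin; replace with the front-end origins you trust.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Cookie settings a cross-site session cookie needs (the shape express-session
// accepts as its `cookie` option): SameSite=None requires Secure, hence HTTPS.
const SESSION_COOKIE = { httpOnly: true, secure: true, sameSite: "none" };

// Express-style middleware (hypothetical name) for credentialed CORS.
function corsWithCredentials(allowedOrigins) {
  return function (req, res, next) {
    const origin = req.headers.origin;
    // The response varies per origin, so shared caches must key on it.
    res.setHeader("Vary", "Origin");
    if (origin && allowedOrigins.has(origin)) {
      // Browsers reject "*" on credentialed requests: echo the exact origin,
      // and only when it is on the allow-list, never any Origin blindly.
      res.setHeader("Access-Control-Allow-Origin", origin);
      res.setHeader("Access-Control-Allow-Credentials", "true");
      res.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE");
      res.setHeader("Access-Control-Allow-Headers", "Content-Type");
    }
    if (req.method === "OPTIONS") {
      // Answer the preflight here; it never reaches the session routes.
      res.statusCode = 204;
      return res.end();
    }
    return next();
  };
}

// Offline harness: minimal stand-ins for req/res, no server needed.
function simulate(method, origin) {
  const headers = {};
  let nextCalled = false;
  const res = {
    statusCode: 200,
    setHeader: (name, value) => { headers[name.toLowerCase()] = value; },
    end: () => {},
  };
  const req = { method, headers: origin ? { origin } : {} };
  corsWithCredentials(ALLOWED_ORIGINS)(req, res, () => { nextCalled = true; });
  return { headers, status: res.statusCode, nextCalled };
}

console.log(simulate("GET", "https://app.example.com").headers);
console.log(simulate("GET", "https://other.example.net").headers);
```

Register the middleware before the session and Passport middleware so preflight requests are answered without touching the session store.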