feat: add configurable auth-cookie domain property (#22)

* Add configurable cookie domain property

* fix: parametr description

* fix: property definition expanded

* Update src/module.ts

Co-authored-by: Nils <nils.jonalik@rwth-aachen.de>

Co-authored-by: Nils <nils.jonalik@rwth-aachen.de>

Author: blumgart

src/module.ts

@@ -44,6 +44,14 @@ declare interface SessionOptions {
     * @docs https://github.com/unjs/unstorage
     */
    storageOptions: CreateStorageOptions,
+   /**
+   * Set the domain the session cookie will be receivable by. Setting `domain: null` results in setting the domain the cookie is initially set on. Specifying a domain will allow the domain and all its sub-domains.
+   * @default null
+   * @example '.example.com'
+   * @type string | null
+   * @docs https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent
+   */
+   domain: string | null
 }
 
 declare interface ApiOptions {
@@ -100,6 +108,7 @@ const defaults: ModuleOptions = {
     idLength: 64,
     storePrefix: 'sessions',
     cookieSameSite: 'lax',
+    domain: null,
     storageOptions: {}
   },
   api: {

src/runtime/server/middleware/session/index.ts

@@ -14,7 +14,9 @@ const safeSetCookie = (event: H3Event, name: string, value: string) => setCookie
   // Only send cookie via HTTP requests, do not allow access of cookie from JS to mitigate XSS attacks
   httpOnly: true,
   // Do not send cookies on many cross-site requests to mitigates CSRF and cross-site attacks, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#lax
-  sameSite: useRuntimeConfig().session.session.cookieSameSite as SameSiteOptions
+  sameSite: useRuntimeConfig().session.session.cookieSameSite as SameSiteOptions,
+  // Set cookie for subdomain
+  domain: useRuntimeConfig().session.session.domain,
 })
 
 export declare interface Session {