0👍
Since the PHP server and the node.JS server is running on two different ports, they are considered as different origins in all browsers. That means that a cookie that was sent from localhost:8080
will not be sent to any requests made to localhost:80
. One way to overcome this would be to remove the http only flag on session cookies so that you can manually send the cookie via javascript BUT that could end up pretty bad if someone manages to run XSS attacks on your site.
Other ways would be 1) to use only one of the two servers from your front-end and then have the used backend to communicate with the other backend meaning that you could make php available only to the node application or 2) Redesign PHP to use tokens. From my understanding you are using php as an API and most APIs are designed to use tokens instead of session since you are usually accessing the API from another domain.