by oatmealsnap 4320 days ago
I tried implementing a token-based authentication system, and it worked fine for a while. Then we added a subdomain (login.mysite.com) for registering, and it all went to shit. They don't share the same localStorage, so keeping the tokens in sync can be tough.
1 comments

Does it have to be a subdomain? Few people pay attention to whether they're logging in to login.mysite.com or mysite.com/login. The few times I've tried to guess a web page's login address, I've tried both a login subdomain and a login directory.