sub domain cookies not working
I set my cross subdomain cookies based on the docs & put credentials: include on requests, but it still doesn't send the cookies to the API
28 Replies
set it up like this
@bekacru if you don't mind ^^
not many people use this, so it's a bit hard to get help with that
Hey remove default cookie attributes
i didn't have those before & it was still not working ^^
does the rest look fine?
yes remove that make sure domain is correct and only enable it on prod
will do, gonna check now
the crossubdomaincookies: enabled only on prod?
yes
done, testing now
still no auth cookies being sent to my sub domain
sigh
on prod?
yeah
prod sends a request to my sub-domain with credentials: include, and the auth cookies aren't being sent
i see these on the prod tho
is that why?
or is cross site irrelevant
the auth cookies should be sent in general even if the config is wrong
the browser is the one which should reject setting those cookies
so what should I do? it's refusing to work, not sure how to debug
So when you try to sign-in and it sends 200 check the network tab to see if it showing any warnings first
if it can't set the cookie the browser will show some error
no it sets the cookie properly & all authentication works fine
but sending a request to the API on a sub-domain doesn't forward the authentication cookie
though i noticed one weird thing, the cookie domain says ".app.domain.cc" (with the config i sent), is it supposed to be .domain.cc?
might just use bearer instead tbh
it's being weird
even bearer won't set to localStorage
sigh
not sure how i'll handle auth now
yes. you should put the root domain
i did though
hmm, you set to local storage yourself
i put .domain.cc on the domain part
i did ^
it still puts .app.domain.cc on the cookies
when you send a request to your api, have you added credential include?
the cookies are sending now so that's fine, still not authenticating but it's prolly cause of cloudflare
getting prisma issues insgeady
what does it mean by "not authenticating"
as in 401 authentication required despite the cookie being sent
still debugging that but it's probably cause of prisma not working
i use prisma to get the user data after getting the session
Hey @hyteq did you get a solution to this ?
nope
I having the same issue here.
Have you guys tried going into incognito and then doing the request?
Also, if you share auth.ts both in the client and server, both of them should have crossSubDomainCookies in their config. (Only for production as localhost is the same domain)
ahh, I forgot to change the domain in my env variables. It now works