How to set cross-domain cookies? (Urgent please, I have a hackathon deadline)
So here is the scenario
- I have my frontend on domain vibe.appwrite.network and API on vibeapi.mdhruvil.page. When I complete the Google auth flow, it is setting the cookie in the API domain, but when I make a request from the frontend domain to the backend domain, it is not sending the cookie with the request despite having credentials: true. Also, when I visit /api/auth/get-session on the API domain, it IS returning my session successfully.
- API Auth Config: https://github.com/mdhruvil/vibe/blob/main/apps/server/src/lib/auth.ts
- Auth Client: https://github.com/mdhruvil/vibe/blob/main/apps/dash/src/lib/auth-client.ts
- Auth Page (for now only Google works): https://github.com/mdhruvil/vibe/blob/main/apps/dash/src/app/auth/page.tsx
8 Replies
Also forgot to mention current setup works VERY FINE in localhost, frontend is on localhost:3000 and api is on localhost:8787
@Better Auth please
Hi there! I'm here to help you with Better Auth. Could you please clarify what you need? For example, are you looking for best practices on setting up rate limiting [1], configuring OAuth proxy [2], or details on plugins and advanced configuration [8]? Let me know, and I'll be glad to provide more information.
Sources:
[1] Rate Limit | Better Auth
[2] OAuth Proxy | Better Auth
[8] Plugins | Better Auth
@Better Auth check this message
Hey there! I noticed your message. Could you please clarify what you need help with regarding Better Auth? Are you referring to a specific issue, configuration detail, or error message? Let me know so I can assist you better.
@Better Auth
So here is the scenario
- I have my frontend on domain vibe.appwrite.network and API on vibeapi.mdhruvil.page. When I complete the Google auth flow, it is setting the cookie in the API domain, but when I make a request from the frontend domain to the backend domain, it is not sending the cookie with the request despite having credentials: true. Also, when I visit /api/auth/get-session on the API domain, it IS returning my session successfully.
- API Auth Config: https://github.com/mdhruvil/vibe/blob/main/apps/server/src/lib/auth.ts
- Auth Client: https://github.com/mdhruvil/vibe/blob/main/apps/dash/src/lib/auth-client.ts
- Auth Page (for now only Google works): https://github.com/mdhruvil/vibe/blob/main/apps/dash/src/app/auth/page.tsx
It sounds like you’re running into a classic cross-domain cookie issue. When your API (vibeapi.mdhruvil.page) sets the cookie, the browser associates it with that domain. As a result, when your frontend (vibe.appwrite.network) makes a request—even with credentials included—the browser won’t attach the API cookie because the cookie’s domain doesn’t match the request’s origin [5].
A few suggestions to resolve this:
1. Configure your Better Auth cookie attributes so that they explicitly set SameSite to "none" and Secure to true. This change will allow the cookie to be sent in cross-site requests, but note that the cookie will only be sent when the domains exactly match or, ideally, when using a subdomain strategy [5].
2. If possible, use a common parent domain with subdomains. Better Auth provides the option to enable crossSubDomainCookies in your auth configuration. This way the cookie’s domain can be set to the parent (for example, something like appwrite.network) and be shared between your frontend and API if they are configured as subdomains [12].
3. Double-check your CORS settings on your API server to make sure that:
- The Access-Control-Allow-Credentials header is true.
- Your Allowed Origins setting includes your frontend domain (vibe.appwrite.network).
4. If your domains must remain entirely separate (not as subdomains), you might need to consider proxying your API requests through your frontend domain or implementing another token-based authentication method, since the browser’s cookie policy may restrict cross-domain cookie sharing [8].
By ensuring the cookie’s attributes and your CORS settings are aligned with these requirements, you should be able to have the cookie sent with your API requests from your frontend. Let me know if you have any more questions!
Sources:
[5] Hono Integration | Better Auth
[8] cookies are not working in case of backend on remote server that is being used for a hosted frontend, and the local frontend
[12] Cookies | Better Auth
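An added example (not from the thread or from Better Auth): a simplified JavaScript model of the browser rules that decide whether the API's session cookie is attached to a fetch from the frontend, run over the localhost and deployed hosts mentioned above. The `cookieSent` helper, its parameter names and the two-label "site" rule are assumptions made for illustration.

```javascript
// Simplified model of a browser's decision to attach a cookie to fetch().
// Assumption: "site" = scheme + last two host labels; real browsers use the
// Public Suffix List. A missing SameSite is treated as Lax (Chromium's default).
function site(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split(".").slice(-2).join(".")}`;
}

function domainMatches(host, cookie) {
  // No Domain attribute means a host-only cookie: exact host match required.
  if (!cookie.domain) return host === cookie.setByHost;
  const d = cookie.domain.replace(/^\./, "");
  return host === d || host.endsWith("." + d);
}

function cookieSent({ pageUrl, requestUrl, credentials, cookie, blockThirdParty = false }) {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl);
  const sameSite = (cookie.sameSite || "lax").toLowerCase();
  if (page.origin !== req.origin && credentials !== "include")
    return { sent: false, reason: "cross-origin fetch without credentials: 'include'" };
  if (!domainMatches(req.hostname, cookie))
    return { sent: false, reason: "cookie domain does not cover the request host" };
  if (cookie.secure && req.protocol !== "https:")
    return { sent: false, reason: "Secure cookie on a non-HTTPS request" };
  if (site(pageUrl) !== site(requestUrl)) {
    if (sameSite !== "none")
      return { sent: false, reason: `SameSite=${sameSite} blocks cross-site fetch` };
    if (!cookie.secure)
      return { sent: false, reason: "SameSite=None is rejected without Secure" };
    if (blockThirdParty)
      return { sent: false, reason: "browser blocks third-party cookies" };
  }
  return { sent: true, reason: "ok" };
}

// Constructed scenarios using the hosts from the thread.
const api = "https://vibeapi.mdhruvil.page/api/auth/get-session";
const front = "https://vibe.appwrite.network";
const apiCookie = (attrs) => ({ setByHost: "vibeapi.mdhruvil.page", secure: true, ...attrs });
const run = (pageUrl, requestUrl, cookie, blockThirdParty) =>
  cookieSent({ pageUrl, requestUrl, credentials: "include", cookie, blockThirdParty });
const scenarios = {
  localhost: run("http://localhost:3000", "http://localhost:8787/api/auth/get-session",
    { setByHost: "localhost", sameSite: "lax" }),
  deployedLax: run(front, api, apiCookie({ sameSite: "lax" })),
  deployedNone: run(front, api, apiCookie({ sameSite: "none" })),
  deployedNoneBlocked: run(front, api, apiCookie({ sameSite: "none" }), true),
  proxied: run(front, front + "/api/auth/get-session",
    { setByHost: "vibe.appwrite.network", sameSite: "lax", secure: true }),
};
console.log(scenarios);
```

The two localhost ports count as the same site, which is why a Lax cookie is sent there but not between the two deployed hosts; the last two scenarios show that `SameSite=None; Secure` still depends on the browser allowing third-party cookies, while a same-origin proxy does not.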
I've been facing the same issue in one of my applications for 2 months.
I explained the problem in these messages I exchanged with @Alex Yang .
https://discord.com/channels/1288403910284935179/1415884129203126412
He suggested a few possible fixes, but I haven’t had the time to update and test them yet. If you test it, please keep me updated as well.