Hi Auth0 Community,
I’m facing an issue with session cookie management across subdomains in my application. Here’s my setup:
-
Frontend Applications:
- Nuxt 2 application running on
pay.companydomain.com(production) andpay.staging.companydomain.com(staging) - Nuxt 3 application running on
companydomain.com(production) andstaging.companydomain.com(staging)
- Nuxt 2 application running on
-
Backend:
- Spring Boot application handling Auth0 integration
- Auth0 domain:
login.companydomain.com
It’s an old application, in the past they didn’t configure stuff to be handled on local, so I can’t test stuff on local only on staging.
The authentication flow:
- User starts on
pay.staging.companydomain.com - Gets redirected to Auth0 (
login.companydomain.com) - After successful authentication, Auth0 redirects back to
pay.staging.companydomain.com - Then user is redirected to
staging.companydomain.com/orders
The Issue:
- The session cookie is not being set properly for
staging.companydomain.com - When trying to fetch user information (e.g.,
/user-profile) from the Nuxt 3 application, the request fails because the session cookie is missing - This prevents the Nuxt 3 application from authenticating the user and accessing protected routes
What I’ve tried:
- Ensuring CORS is properly configured
- Setting appropriate cookie domains
- Configuring Auth0 callback URLs
Has anyone faced a similar issue with session cookies across subdomains? Any guidance on how to properly handle session cookies in this multi-subdomain setup would be greatly appreciated.
Thanks in advance!