Session Cookie Not Being Set Across Subdomains After Auth0 Login

Hi Auth0 Community,

I’m facing an issue with session cookie management across subdomains in my application. Here’s my setup:

  1. Frontend Applications:

    • Nuxt 2 application running on pay.companydomain.com (production) and pay.staging.companydomain.com (staging)
    • Nuxt 3 application running on companydomain.com (production) and staging.companydomain.com (staging)
  2. Backend:

    • Spring Boot application handling Auth0 integration
    • Auth0 domain: login.companydomain.com

It’s an old application; in the past they didn’t configure stuff to be handled on local, so I can’t test stuff on local, only on staging.

The authentication flow:

  1. User starts on pay.staging.companydomain.com
  2. Gets redirected to Auth0 (login.companydomain.com)
  3. After successful authentication, Auth0 redirects back to pay.staging.companydomain.com
  4. Then user is redirected to staging.companydomain.com/orders

The Issue:

  • The session cookie is not being set properly for staging.companydomain.com
  • When trying to fetch user information (e.g., /user-profile) from the Nuxt 3 application, the request fails because the session cookie is missing
  • This prevents the Nuxt 3 application from authenticating the user and accessing protected routes

What I’ve tried:

  • Ensuring CORS is properly configured
  • Setting appropriate cookie domains
  • Configuring Auth0 callback URLs

Has anyone faced a similar issue with session cookies across subdomains? Any guidance on how to properly handle session cookies in this multi-subdomain setup would be greatly appreciated.

Thanks in advance!

Also, an important note:

  • When I configured the load balancer to serve /orders under pay.staging.companydomain.com, everything worked correctly - the session cookie was set and user authentication worked
  • However, I need the /orders route to be served from staging.companydomain.com or companydomain.com instead of pay.staging.companydomain.com/pay.companydomain.com
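
The cookie scoping behind the symptoms described above, as an added example that is not part of the original post: a minimal model of the RFC 6265 storage and domain-match rules applied to the staging hostnames. It assumes the session cookie is set by a response from pay.staging.companydomain.com; the function names are hypothetical.

```javascript
// Added example: models RFC 6265 cookie scoping (sections 5.1.3 and 5.3).
// Not browser code. Real browsers additionally reject public-suffix domains.

// Section 5.1.3: host matches if identical, or if it ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// What the browser stores when setterHost answers with Set-Cookie.
// domainAttr is the Domain attribute value, or null when it is absent.
function storeCookie(setterHost, domainAttr) {
  if (domainAttr === null || domainAttr === "") {
    // No Domain attribute: host-only cookie, bound to the exact setter host.
    return { domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A host may only scope a cookie to itself or to one of its parent domains.
  if (!domainMatch(setterHost, domain)) return null; // cookie is rejected
  return { domain, hostOnly: false };
}

// Whether a stored cookie is attached to a request for requestHost.
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

function report(setterHost, domainAttr, requestHosts) {
  const cookie = storeCookie(setterHost, domainAttr);
  return Object.fromEntries(requestHosts.map((h) => [h, isSentTo(cookie, h)]));
}

// Hostnames from the post; the setter host is an assumption (see lead-in).
const SETTER = "pay.staging.companydomain.com";
const HOSTS = [
  "pay.staging.companydomain.com",
  "staging.companydomain.com",
  "companydomain.com",
];

for (const attr of [null, "staging.companydomain.com", "pay.companydomain.com"]) {
  console.log(`Domain=${attr ?? "(absent)"}`, report(SETTER, attr, HOSTS));
}
```

A Domain value scopes the session cookie to every host under that name, so the narrowest parent that covers both applications exposes it to the fewest subdomains.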