Sharing Auth0 session cookie between NextJS applications?

Hey Auth0 Community!

We have a few NextJS React applications running and each is configured as its own application in Auth0 and each is using the nextjs-auth0 library for configuration. Each of these apps uses mostly the default configuration resulting in a cookie named appSession being created. Each of these apps is running on the same domain like so:

rootdomain/
rootdomain/app1
rootdomain/app2
rootdomain/app3

This is working but has a couple of drawbacks:

  • When having two browser windows open to different applications, only one of them will be able to make API calls since the appSession cookie gets overwritten by whichever app you most recently went to.
  • We haven’t been able to pin down exactly why but when navigating between our applications with the browsers Back button there are times when the appSession cookie disappears and the user gets an error page. We believe this is similar to the first bullet point where one application is overwriting or deleting the appSession cookie which is causing issues for the next application.

We have thought about updating each app to use its own cookie name but are concerned with creating cookies on our domain which already has a fair amount of cookies. We have run into issues in the past where our AWS Cloudfront complains about our total request size due to cookies.

We could also switch to using stateful cookies but that is a fair amount of effort to setup and maintain.

I’m just curious if there is a way we can use a single cookie to share the session across these applications or if there is a recommended way to share session data across apps using the same auth0 library?

Thanks!