DEV Community

Who Moved My Cookies? Of Cookies On Subdomains

Jen Chan on July 09, 2025

Yes, it's 2025, we had the internet and the encyclopedic knowledge of LLMs at our fingertips, and we were still blocked for 45 minutes. "Maze ga...
Shakti Kathpalia

We faced a similar issue for a project we're developing. Our Laravel backend (a subdomain) generated the cookie that had to be validated in the Next.js frontend (another subdomain) and another 3rd party system (yet another subdomain) which only worked with cookies. The Next frontend also authenticated the Laravel session on every refresh through an API before fetching user-specific data.

The only solution was to create a cookie in the backend with the domain set to the root domain and voila, everything worked seamlessly.
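
The fix described in the comment above, as an added example that is not part of the original thread: a simplified JavaScript model of RFC 6265 cookie storage and domain matching, showing why a host-only cookie never reaches sibling subdomains while one with `Domain` set to the root does. The `example.test` hostnames and the function names are constructed for illustration, and the public-suffix check that real browsers apply is not modelled.

```javascript
// Added example: simplified RFC 6265 cookie domain handling.
// All hostnames under example.test are constructed for illustration.

// RFC 6265 section 5.1.3: does `host` domain-match `cookieDomain`?
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  // IP addresses only match exactly, never by suffix.
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Model how a browser stores a cookie set by `originHost`.
// Returns null when the cookie is rejected.
function storeCookie(originHost, name, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, exact host match required later.
    return { name, domain: originHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  // The setting host must itself domain-match the Domain attribute.
  // (Real browsers also reject public suffixes such as "com"; not modelled here.)
  if (!domainMatch(originHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Which of `hosts` receive a cookie set by `originHost` with `domainAttr`?
function audience(originHost, domainAttr, hosts) {
  const cookie = storeCookie(originHost, "session", domainAttr);
  return hosts.filter((h) => isSentTo(cookie, h));
}

const HOSTS = ["api.example.test", "app.example.test", "vendor.example.test",
               "example.test", "notexample.test"];
console.log(audience("api.example.test", undefined, HOSTS));          // host-only
console.log(audience("api.example.test", "example.test", HOSTS));     // root domain
console.log(audience("api.example.test", "app.example.test", HOSTS)); // sibling: rejected
```

A root-domain cookie is sent to every host under that domain, so each subdomain becomes part of the session's trust boundary.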

Jen Chan

We were in a very similar situation except proxied by Cloudflare and using Nuxt. I think going through Cloudflare workers added a bit of complexity and cross checking overhead.

shiva shanker

Haha, this is so relatable! 😂 Cookie authentication issues are the worst - works perfectly in dev but in production everything breaks.

Jen Chan

The struggle with systems you can't see or debug every layer of results in... testing on prod! XD

Okoro chimezie bright

Thanks for sharing helpful tips

Dotallio

Yes, hitting that wall with cookie domains is always so frustrating. Did you end up considering tokens in URL params or localStorage at all for those mirror domains?

Jen Chan

I didn't think to put the tokens in the URL params, and I guess the way we were doing it wasn't entirely standard, unlike OAuth2 URL params including tokens.

The team abused LocalStorage before for less sensitive values so our Veep discouraged that as a practice... which left us with that cookie 😆

Nathan Tarbert

Man, you summed up months of cookie pain in one post. I've been tripped up by that 'Domain' attribute headache so many times, it's honestly nice seeing it all laid out like this.

Jen Chan

No kidding, working on that system with 3 layers of backend (MySQL, Laravel, Cloudflare edge proxy), so many mirror domains and no real way to run it all locally was crazy-making!

Glad I'm not the only one who's baffled and stumped!

donahere

Awesome easy-to-follow and meaningful post @jenc 👍👍👍

Jen Chan

Thanks! So many things on the job are still hairy mysteries even with LLMs helping to debug!