How do I configure cookies for cross-subdomain auth?
Set sameSite: 'none' (allows cross-site cookies), secure: true (required with sameSite none, HTTPS only), domain: '.yourdomain.com' (shares cookie across all subdomains), and httpOnly: true. This lets the frontend on app.yourdomain.com send cookies to the backend on api.yourdomain.com.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Setting Up Subdomains for Frontend and Backend api and app Separation
Clean separation of concerns, independent deployment and scaling, different security and CORS policies, CDN-friendly frontend, and cookie scoping per subdomain. Common setup: api.yourdomain.com for backend, app.yourdomain.com for frontend.
Create separate server blocks for each subdomain: one with server_name api.yourdomain.com and proxy_pass to Node.js, another with server_name app.yourdomain.com and root pointing to the frontend build. Add a redirect from yourdomain.com to app.yourdomain.com.
Run sudo certbot --nginx -d api.yourdomain.com -d app.yourdomain.com -d yourdomain.com -d www.yourdomain.com to get a single SAN certificate for all domains. Or run certbot separately for each subdomain to get individual certificates.
Still have questions?
Browse all our FAQs or reach out to our support team
