Does better auth support authenticating on subdomain, carrying over to main domain/other submains?
Hello, the current provider I use for auth doesn't support the option for the user to authenticate on i.e login.example.com, and then have the session in other subdomains such as test.example.com or even example.com. Does better auth have an option for this? I see in the docs it allows for subdoamins to get the session if authenticated on the main domain i.e example.com, but does it work the other way around too?
2 Replies
https://web.dev/articles/samesite-cookies-explained
If your doing cookie auth these settings can be set with cookie auth allow subdomain cookie sharing
web.dev
SameSite cookies explained | Articles | web.dev
Learn to mark your cookies for first-party and third-party usage with the SameSite attribute. You can enhance your site's security by using SameSite's Lax and Strict values to improve protection against CSRF attacks. Specifying the new None attribute lets you explicitly mark your cookies for cross-site usage.
If your doing bearer auth and storing a token in localstorage this is not possible