Skip to content
Start building
Back

Issue with Auth cookies and Custom Domain

  • 0
  • Auth
  • Web
  • Cloud
View on Discord
Ball
26 Jul, 2025, 20:07

Hello, I am hoping this is just a simple issue that I am missing something but by how I am readying the documentation I believe something is not adding up. The custom domains docs say that to avoid the browser blocking the sending of cookies, the appwrite domain should be under the same domain as the web apps domain.

I my project is a webapp using a mix of the Appwrite cloud (for auth, database, and soon realtime) and a selfhosted nodejs express server. The selfhosted server is accessible from the internet through my Nginx Proxy Manager setup, as is all my other services. I added and verified the custom domain for "api.cards.mydomain.com". When the client accesses my webapp at "cards.mydomain.com" and authenticate using the client sdk's account.createEmailPasswordSession, the cookie that is set on the browser is set to the Domain ".api.cards.mydomain.com" which I believe is correct based how I read the documentation on it.

This is believe is the problem though. Because the domain on the cookie is ".api.cards.mydomain.com" only that exact domain and subdomains of it can access the cookie. When trying to get the req.cookies on the server app it returns empty. Checking the request the browser sent it shows that it did not include those cookies. This is the understanding I got by reading the MDN docs on how cookies are used which is contradicting how I understood the appwrite docs.

I am really hoping someone can clear this up for me because I am not seeing how to move forward with how these seem to be in conflict. I would be open to adding a custom location to my Nginx proxy manager to point /api/ to the appwrite cloud endpoint but would need help with that if it is the better way to go (I did give it a brief shot but it was then giving Fastly SSL errors but that is a separate issue).

Thanks!

Sources: https://appwrite.io/docs/advanced/platform/custom-domains https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies

TL;DR
Issue with setting Auth cookies and Custom Domain causing cookies not to be accessible by servers due to conflicting domain configurations. The cookies are being set to ".api.cards.mydomain.com", making them only accessible by that exact domain and subdomains. This leads to server not receiving the cookies and requests failing. Potential solution: Consider updating configuration to point /api/ to the appwrite cloud endpoint to resolve conflicts between domain setups.
Ball
26 Jul, 2025, 20:17

Attached are screenshots of the cookies as well as the request when loading the site. Any assistance is greatly appreciated

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more