Skip to content
Start project
Back

help with domain cookie!

  • 0
  • Self Hosted
  • Web
View on Discord
Alex Bourg
9 Nov, 2025, 22:16

I'm having trouble with cookie domain configuration for cross-subdomain authentication. The session cookies are being scoped to the Appwrite endpoint domain instead of the parent domain, preventing authentication on my main website.

Setup that does NOT work:

  • Website: example.com
  • Appwrite endpoint: appwrite.example.com
  • Cookie domain set by Appwrite: .appwrite.example.com
  • Result: Cookies are not sent when accessing example.com (parent domain cannot access child domain cookies due to browser security)

Setup that DOES work:

  • Website: web.appwrite.example.com
  • Appwrite endpoint: appwrite.example.com
  • Cookie domain set by Appwrite: .appwrite.example.com
  • Result: Cookies work correctly (both sites under same subdomain tree)

Question: Is there a configuration option to set the session cookie domain to the parent domain (.example.com) instead of the endpoint subdomain (.appwrite.example.com)?

I've checked the environment variables documentation but couldn't find a _APP_COOKIE_DOMAIN or similar option. I've also tried adding my main domain as a platform in the console, but this only affects CORS, not cookie domain.

Additional context:

  • I tried both appwrite cloud 1.8 and self-hosted Appwrite 1.7.4
  • Platform hostnames are configured correctly for CORS
  • Authentication works perfectly when both sites share the same subdomain parent

Is there a way to configure this, or is the only solution to restructure my domains or implement a server-side session proxy?

Thank you for your help!

TL;DR
Developers seek help in configuring session cookies to be accessible by the parent domain instead of just the endpoint subdomain when using Appwrite. While Appwrite's recommended practice of setting the Appwrite endpoint under the same domain helps with 3rd-party cookie blocking, it doesn't address the parent domain cookie issue. Tested configurations show that cookies only work correctly when sites share the same subdomain. There is no specific configuration option in the documentation, and attempting to add the main domain as a platform only affects CORS, not cookie domain. Possible solutions include restructuring domains or implementing a server-side session proxy.
Alex Bourg
9 Nov, 2025, 22:43

my selfhosted config: _APP_DOMAIN=cms.example.com _APP_CUSTOM_DOMAIN_DENY_LIST=example.com,test.com,app.example.com _APP_DOMAIN_FUNCTIONS=fn.example.com _APP_DOMAIN_SITES=sites.example.com _APP_DOMAIN_TARGET=cms.example.com _APP_DOMAIN_TARGET_CNAME=cms.example.com

Alex Bourg
9 Nov, 2025, 23:06

I've read your documentation on setting Appwrite endpoint under the same domain, https://appwrite.io/docs/advanced/platform/custom-domains which recommends using appwrite.my-app.com when the app runs on my-app.com to avoid 3rd-party cookie blocking. but that doesn't address the parent domain my-app.com

Alex Bourg
9 Nov, 2025, 23:11
Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more