on prod - cookies aren't being passed from FE to BE, using monorepo (turbo), but working locally.
Answered
American black bear posted this in #help-forum
American black bearOP
hellow guys,
I'm facing an issue on production where cookies aren't being passed from
my Next.js frontend (platform) to my Next.js backend (API) within a Turborepo monorepo setup on Vercel. but working fine locally.
This setup uses a shared auth package with Better-Auth for authentication. The issue doesn't occur locally, and I've already tried several solutions without success.
What's causing this? I've checked the environment variables and CORS settings, and they appear to be correct.
What's causing this? Has anyone faced the same issue or has a solution?
project structure :
apps/
-platform
-api
packages/
-auth ( better-auth)
validation failing here. when i send req from FE to BE.
I'm facing an issue on production where cookies aren't being passed from
my Next.js frontend (platform) to my Next.js backend (API) within a Turborepo monorepo setup on Vercel. but working fine locally.
This setup uses a shared auth package with Better-Auth for authentication. The issue doesn't occur locally, and I've already tried several solutions without success.
What's causing this? I've checked the environment variables and CORS settings, and they appear to be correct.
What's causing this? Has anyone faced the same issue or has a solution?
project structure :
apps/
-platform
-api
packages/
-auth ( better-auth)
validation failing here. when i send req from FE to BE.
Answered by American black bear
Here's a summary of the issue you faced:
* Vercel's default
* This means subdomains like
* Cookie sharing works fine when using your own custom domain (e.g.,
* i spent two days debugging this issue, even with the help of GitHub Copilot, i wasted 2 days with my 20% premium requests.
* The key takeaway is to always test cookie sharing functionality with a custom domain to avoid this problem.
I'll sleep better tonight. Only got 4 hours as a solo builder, so I had to find a solution myself. Thanks.
* Vercel's default
.vercel.app subdomains don't allow cross-origin cookie sharing.* This means subdomains like
floxify-fe.vercel.app and floxify-be.vercel.app can't share cookies.* Cookie sharing works fine when using your own custom domain (e.g.,
floxify-fe.floxify.ai and floxify-be.floxify.ai).* i spent two days debugging this issue, even with the help of GitHub Copilot, i wasted 2 days with my 20% premium requests.
* The key takeaway is to always test cookie sharing functionality with a custom domain to avoid this problem.
I'll sleep better tonight. Only got 4 hours as a solo builder, so I had to find a solution myself. Thanks.
2 Replies
American black bearOP
Here's a summary of the issue you faced:
* Vercel's default
* This means subdomains like
* Cookie sharing works fine when using your own custom domain (e.g.,
* i spent two days debugging this issue, even with the help of GitHub Copilot, i wasted 2 days with my 20% premium requests.
* The key takeaway is to always test cookie sharing functionality with a custom domain to avoid this problem.
I'll sleep better tonight. Only got 4 hours as a solo builder, so I had to find a solution myself. Thanks.
* Vercel's default
.vercel.app subdomains don't allow cross-origin cookie sharing.* This means subdomains like
floxify-fe.vercel.app and floxify-be.vercel.app can't share cookies.* Cookie sharing works fine when using your own custom domain (e.g.,
floxify-fe.floxify.ai and floxify-be.floxify.ai).* i spent two days debugging this issue, even with the help of GitHub Copilot, i wasted 2 days with my 20% premium requests.
* The key takeaway is to always test cookie sharing functionality with a custom domain to avoid this problem.
I'll sleep better tonight. Only got 4 hours as a solo builder, so I had to find a solution myself. Thanks.
Answer
Chub mackerel
if you want to share cookie(s) across all subdomains, you can set the cookie domain explicitly:
res.cookie('token', 'abc123', {
domain: '.example.com', // upport all subdomains
path: '/',
secure: true,
});