Login across subdomains


We have an auth challenge. We have multiple subdomains x.encontext.io and so on. Currently we are having the user login at identity.encontext.io with an email OTP. On our localhost we remain logged in across ports, but when we push to prod the app is initialized but no user is found. We have allowed these subdomains in the sdk configuration. Help/Ideas?

Hey Ian – thanks for posting!

While using our JavaScript SDK for authentication, Stytch session cookies will automatically be shared with subdomains of the domain where the cookie is set (in other words, where the user authenticates) – but not on other subdomains of the same parent domain. In your case, cookies will be shared with identity.encontext.io and all of its subdomains, but not with x.encontext.io.

We don’t offer a way to customize this behavior at the moment, but I’ll raise this internally as a feature request.

As a workaround, some customers have handled similar scenarios by setting session cookies themselves with a broader domain, by manually passing the session token along as an auth header, or by changing their domain structure to accommodate.

Please let me know if you have any follow-up questions about this, and I’ll be happy to help!

1 Like

Thanks you this is super helpful! Using this information we were able to get it working so far. Posting a quick note to make it clear for others (and myself if I forget)

Not Working
login at: identity.yourdomainDOTcom
use at: portal.yourdomainDOTcom

login at: yourdomainDOTcom/login
use at: portal.yourdomainDOTcom

Awesome, glad to hear that you’ve gotten it working! Thanks so much for the helpful summary Ian.

Hi Nicole,

Has there been any updates on the feature request. We’re facing a similar issue and are hoping there’s a workaround without needing to update our login domain or use some sort of proxy to set headers ourselves. Thanks.