Multi-tenant structure where frontend is custom domain: cookies set as third-party

For some context: using Django on the backend and Next.js on the frontend. On the frontend, there is an option to connect custom domains. When the backend saves a session cookie in the browser, it is set as a third-party cookie (even though it is for/from the same service).

Now Chrome does not allow third-party cookies in incognito, which breaks my flows in an incognito window.

Is there a way around this using the existing system?

Or will I have to implement this on my own?

Thanks in advance

Browsers classify cookies as third-party when they originate from a domain different from the one displayed in the address bar. In your case, if the frontend is served from mysite.com and the backend from api.mysite.com, cookies set by the backend are considered third-party by the browser.

You can use a strategy like this: serve your frontend and backend from the same root domain, such as app.mysite.com for the frontend and api.mysite.com for the backend. This configuration allows cookies to be recognized as first-party, mitigating the third-party cookie issue.

And if custom domains are essential, consider structuring them as subdomains of your primary domain, e.g. tenant1.yoursite/service.com; this will maintain a consistent root domain, facilitating cookie sharing.
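
The same-root-domain check described in the answer above, as an added example that is not part of the original thread: it decides per tenant host whether the API's session cookie is first-party and which values the Django settings `SESSION_COOKIE_DOMAIN` and `SESSION_COOKIE_SAMESITE` would take. The suffix set, the helper names and the tenant host names are constructed assumptions; production code should use the full Public Suffix List.

```python
# Constructed subset of the Public Suffix List (assumption); use the full list in production.
SUFFIXES = {"com", "co.uk", "github.io"}


def registrable_domain(host):
    """Return the site (public suffix + one label) for host, or None if unknown."""
    labels = host.lower().split(":")[0].rstrip(".").split(".")
    for i in range(len(labels)):  # longest suffix match first
        if ".".join(labels[i:]) in SUFFIXES:
            # i == 0 means the host is itself a public suffix: no cookie scope exists
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def session_cookie_plan(frontend_host, api_host):
    """Decide whether the API's session cookie is first-party on this frontend."""
    fe, be = registrable_domain(frontend_host), registrable_domain(api_host)
    if fe is not None and fe == be:
        # Same site: cookie is first-party and can be shared via the root domain.
        return {"first_party": True, "SESSION_COOKIE_DOMAIN": "." + be,
                "SESSION_COOKIE_SAMESITE": "Lax"}
    # Different site: the browser treats the cookie as third-party; it is only sent
    # with SameSite=None; Secure and is dropped where third-party cookies are blocked.
    return {"first_party": False, "SESSION_COOKIE_DOMAIN": None,
            "SESSION_COOKIE_SAMESITE": "None"}


if __name__ == "__main__":
    API = "api.mysite.com"
    for tenant in ("app.mysite.com", "tenant1.mysite.com:3000",
                   "shop.tenant-brand.co.uk", "mysite.github.io"):  # constructed hosts
        print(tenant, "->", session_cookie_plan(tenant, API))
```

Comparing only the last two labels would misjudge `co.uk` and `github.io` hosts, which is why the check goes through a suffix list.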
