🔄 Revert
- Support cross-domain cookie " - by @himself65 in #4482 (22b78)
Why this was reverted
- Cross-domain cookies are not reliable
Modern browsers block 3rd-party cookies by default (Safari, Firefox, and Chrome withoutpartitioned). Even when cookies are set, they are not accessible to the server in SSR contexts. partitionedis Chrome-only
ThePartitionedflag works in some Chrome versions but is unsupported in other browsers, leading to inconsistent behavior.- Server access is broken
Even ifrender.comsets a cookie forvercel.app, the Next.js server onvercel.appcannot read it. This causes SSR to fail, making the approach unsuitable for fullstack apps (works only for pure SPAs). - Misleading API/docs
The current API suggested this was supported, but in reality the behavior is confusing and inconsistent.
Workarounds
- Use Next.js rewrites to proxy API calls so that both frontend and backend share the same parent domain.
- Store tokens in localStorage (SPA only, SSR disabled).
- Deploy frontend and backend under a shared domain (via Vercel, Render, or DNS like Cloudflare).
- Remember: cross-site cookies will not work reliably in modern browsers.
🐞 Bug Fixes
- organization: Member and team hooks should apply on create organization - by @Bekacru in #4600 (7fc23)