t
Hey team, Supertokens involve third party cookies for auth in case of cookie based authentication. Chrome has disabled third party cookies for 1% of users and soon will be disabling third party cookies. How will the cookie based auth work then? Would we need to move to header based in that case? If yes, how will session sharing work?
r
hey @Tushar you can continue to use cookie based auth if you change your api domain to not be a third party domain
or then, switch to header based auth
when you say session sharing, what do you mean?
t
So by session sharing, what I meant is sharing cookies across two websites on the same base domain to be able to share user sessions. In such a case, where website one is on api1.test.com and two is on api2.website.com, I see that the only way to be able to share cookies on these two domains and to avoid third party cookies is that our api domain should be website.com. Do you see any other way to solve it?
r
sharing of session across two sub domains is possible via header based auth as well
if that's what you want to do
t
Can you point me to the documentation for that, and how does that work if cookies aren't involved?
r
It’s the same setting
As if you used cookies
t
Oh, so you mean sessionTokenFrontEndDomain needs to be set along with token transfer to header.
r
yes
t
Thanks much. Also, how does session sharing work in this case if it doesn't use cookies? Trying to understand the logic behind it.
r
we use frontend cookies to store the tokens, which can be shared across sub domains
note that frontend cookies != backend cookies (which are used in cookie based auth)