Your backend is not on the same domain as the frontend? https://supertokens.com/docs/thirdparty/common-customizations/sessions/same-site-cookie According to this you only get this in this case: SuperTokens will automatically set the value of the sameSite cookie attribute based on your website and api domain configration. I think if you don't share a TLD it is necessary and safari doesn't like having sameSite: none cookies. You could think about moving all your things behind a reverse proxy e.g. nginx and have your frontend and backend live on the same domain e.g. frontend: mydomain.com and backend mydomain.com/api or afaik you could use sub-domains e.g. api.mydomain.com (backend) and mydomain.com or www.mydomain.com for the frontend. With this setup I would expect supertokens to use sameSite lax cookies which also should result in a happy safari.