https://supertokens.com/ logo
Title
e

edistra

11/28/2022, 10:26 PM
Thanks for your answer, our API will actually be on a domain of it's own let's say api.xxx.io But we have two different domains for our client websites, xxx.eu and xxx.com, and when initializing Supertokens on the backend we can only define one website domain
r

rp

11/29/2022, 5:50 AM
hey @edistra
the websiteDomain on the backend is used for generating reset password or email verification links and setting cookie attributes. You can set the websiteDomain to any one of those domains, and then: - override the sendEmail function for email verification / reset password (if applicable) to change the link's domain based on the request's origin. - set cookieSameSite property in session.init on the backend to "none"
e

edistra

11/29/2022, 7:26 AM
Oh that's good news! Thanks for the info, will try it that way. We thought we would have issues when trying to initialize sessions from a different origin than the websiteDomain, but now it's more clear.
r

rp

11/29/2022, 7:26 AM
great!