I had one more problem, couldn't figure out what's wrong after spending couple of hours.
I have three apps.
1) Nodejs api (api.someothedomain.com)
2) Angular SSR (example.com) [sessionScope=".thedigitalpoultry.com" in the UI] and for api set [cookieDomain=".thedigitalpoultry.com"]
3) Angular SPA (app.example.com)
According to the doc I did all the configuration (
https://supertokens.com/docs/thirdparty/common-customizations/sessions/share-sessions-across-sub-domains)
In production, I can authenticate user on example.com and set sAccessToken, sRefreshToken on domain .example.com. I have sameSite = "none", also it is reflecting in the cookie tab.
I can see the cookies in inspection mode, in app.example.com. However when xhr request is send to api.someothedomain.com from app.example.com, cookies are not being attached.
Everything works great in localhost. What am I missing ?
Also in the angular SSR app frontend what would be the apiDomain and websiteDomain ?