From 03fce9f3911e2b1e988d95ff0ca1c0753abd2012 Mon Sep 17 00:00:00 2001
From: Hammer <hammer7839283@gmail.com>
Date: Wed, 28 Jan 2026 17:45:16 +0000
Subject: [PATCH] Fix cross-subdomain cookie auth for frontend/API split

---
 apps/api/src/lib/auth.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/apps/api/src/lib/auth.ts b/apps/api/src/lib/auth.ts
index abb9e1a..e01104a 100644
--- a/apps/api/src/lib/auth.ts
+++ b/apps/api/src/lib/auth.ts
@@ -24,10 +24,21 @@ export const auth = betterAuth({
   session: {
     expiresIn: 60 * 60 * 24 * 30, // 30 days
     updateAge: 60 * 60 * 24, // Update session every day
+    cookieCache: {
+      enabled: true,
+      maxAge: 60 * 5, // 5 minutes
+    },
+  },
+  advanced: {
+    crossSubDomainCookies: {
+      enabled: true,
+      domain: '.donovankelly.xyz',
+    },
   },
   trustedOrigins: [
     process.env.APP_URL || 'http://localhost:5173',
     'https://todo.donovankelly.xyz',
+    'https://app.todo.donovankelly.xyz',
   ],
   user: {
     additionalFields: {