Fix cross-subdomain cookie auth for frontend/API split

apps/api/src/lib/auth.ts

@@ -24,10 +24,21 @@ export const auth = betterAuth({
   session: {
     expiresIn: 60 * 60 * 24 * 30, // 30 days
     updateAge: 60 * 60 * 24, // Update session every day
+    cookieCache: {
+      enabled: true,
+      maxAge: 60 * 5, // 5 minutes
+    },
+  },
+  advanced: {
+    crossSubDomainCookies: {
+      enabled: true,
+      domain: '.donovankelly.xyz',
+    },
   },
   trustedOrigins: [
     process.env.APP_URL || 'http://localhost:5173',
     'https://todo.donovankelly.xyz',
+    'https://app.todo.donovankelly.xyz',
   ],
   user: {
     additionalFields: {