Is it possible to not share a cookie between different origin subdomains? For example, I have an API hosted on AWS at e.g. abcd1234.execute-api.eu-west-1.amazonaws.com. It is set up for CORS to allow access from *.app.com, and the auth cookie works fine. The problem is, I want to have different auth cookies for different app.com subdomains, so that you can be logged in as a different user for each subdomain. Currently, if I log in as an admin at admin.app.com, then access user.app.com, the browser is still sending the cookie set at
Apparently it's not possible to do this. I instead opted for having separately named cookies based on the origin of the request.
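
The workaround described above, separately named cookies chosen by the request's origin, sketched as an added example that is not code from the original post. The `auth_` prefix, the helper names and the plain-object `headers` shape are assumptions, and the token is assumed to be an opaque cookie-safe string.

```javascript
// Added example. PARENT_DOMAIN and COOKIE_PREFIX are assumed values.
const PARENT_DOMAIN = "app.com";
const COOKIE_PREFIX = "auth_";

// Map an Origin header to a cookie-name suffix, or null if the origin
// is not exactly https://<sub>.app.com on the default port.
function originKey(origin) {
  let url;
  try { url = new URL(origin); } catch { return null; }
  if (url.protocol !== "https:" || url.port !== "" || url.origin !== origin) return null;
  const suffix = "." + PARENT_DOMAIN;
  if (!url.hostname.endsWith(suffix)) return null;
  const sub = url.hostname.slice(0, -suffix.length);
  // Labels contain no "_", so replacing "." with "_" cannot collide.
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)*$/.test(sub)) return null;
  return sub.replace(/\./g, "_");
}

// Parse a Cookie request header into a Map of name -> value.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// The browser sends every cookie it holds for the API host, so the
// server reads only the cookie named after the calling origin.
function authTokenFor(headers) {
  const key = originKey(headers.origin);
  if (key === null) return null;
  const value = parseCookies(headers.cookie).get(COOKIE_PREFIX + key);
  return value === undefined ? null : value;
}

// Build the Set-Cookie value for a login made from `origin`.
function setCookieFor(origin, token) {
  const key = originKey(origin);
  if (key === null) return null;
  // SameSite=None with Secure is needed for the cookie to be sent cross-site.
  return `${COOKIE_PREFIX}${key}=${token}; Path=/; HttpOnly; Secure; SameSite=None`;
}
```

The separation here is enforced only by the server: every `auth_*` cookie still travels with each request to the API host, so the handler must never fall back to a cookie named for a different origin.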