I have an SPA on domain A and a Laravel server on domain B. I wanted to use Sanctum, but the cookies only work on the same domain, so what do you suggest? Is there any way around this? I don't want to use token-based auth on Sanctum.
Yes, it is possible: you can use authorization instead of a cookie.
Laravel Sanctum offers this feature by storing user API tokens in a single database table and authenticating incoming HTTP requests via the Authorization header, which should contain a valid API token.
But it is not possible with a cookie, and it is not scalable if you use multiple servers, because the session is stored on a single server.
Example:
Take server 1 and server 2. If you stored the session on server 1 and then use the same cookie and session on server 2, server 2 doesn't know it, which means you are an invalid user.
So my suggestion is to use JWT or a Sanctum token instead of a cookie. Just use
$user->createToken($request->device_name)->plainTextToken;
The above code generates a token and stores it in the database; you just send the same token to the client for validation.
To validate, just use
Authorization: Bearer <token>
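Your route guard automatically checks the token:
// The auth:sanctum guard rejects requests without a valid bearer token.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user(); // the user that owns the presented token
});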
No, there's no way around using cross-site cookies. It's a security feature. You'd have to implement your own authentication or use the same TLD.