From 681750f92d7fe517e7cc184cb4b65e6a21903ee9 Mon Sep 17 00:00:00 2001 From: yon <38630464+yonbh@users.noreply.github.com> Date: Fri, 29 Oct 2021 08:54:09 +0100 Subject: [PATCH] docs: add subdomain configuration in csrf page (#1896) Add some instructions as to how kratos can be configured to work across subdomains. --- docs/docs/debug/csrf.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/docs/debug/csrf.mdx b/docs/docs/debug/csrf.mdx index 8533956ad4d1..cff50b8efa9e 100644 --- a/docs/docs/debug/csrf.mdx +++ b/docs/docs/debug/csrf.mdx @@ -86,6 +86,9 @@ do in the Quickstart guide. We do not recommend running them on separate subdomains, e.g. `https://kratos.my-website/` and `https://secureapp.my-website/`). +To allow cookies to work across subdomains, make sure to set the domain name +in the Kratos config file under [`session.cookie.domain`](https://www.ory.sh/kratos/docs/next/guides/configuring-cookies/#session-cookies). + Running the apps on different TLDs will not work at all, e.g. e.g. `https://kratos-my-website/` and `https://secureapp-my-website/`.
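Review bot: The added sentence after the `https://secureapp.my-website/` example points only at `session.cookie.domain` and its `#session-cookies` anchor, while this page (`debug/csrf.mdx`) is about CSRF cookies, so a reader cannot tell whether that setting also governs the anti-CSRF cookie; state that explicitly or name the setting that does. The new text also follows "We do not recommend running them on separate subdomains" without reconciling the two: consider opening with "If you do need to run on subdomains, ..." and noting that a cookie scoped to the parent domain is sent to every subdomain of it, so every host under that domain must be trusted. The absolute `https://www.ory.sh/kratos/docs/next/...` link sends readers of every docs version to `next`; a relative docs link would follow the version being read. While touching this paragraph, the trailing context line has a doubled "e.g. e.g." that could be fixed in the same change.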