Setting SameSite attribute for cookies from different render domains

Seeing as google is going to be deprecating third party cookies in 2024, I want to ensure my site is using SameSite: strict. Right now, I have it set to SameSite: None (third party cookie). I have a static React Site front end hosted on: and a NodeJS backend hosted on My question is what is the best approach from going from a policy like this in my backend:

 res.cookie("userToken", token, {
  maxAge: 3600000,
  httpOnly: true,
  secure: true,
  sameSite: "None",

to something where the sameSite attribute can be strict but also work given that they’re hosted on different domains…

Hi there,

You can’t use when setting SameSite to strict (even lax??) because it is on the public suffix list, so subdomains of are not considered the same site.

To achieve what you want to do, you will need to purchase your own domain and use it with your front and backend services as a custom domain.


Render Support, UTC+10 :australia:


Hi Keith,

Thank you for your timely response. After searching around I came to the same exact solution. I already implemented it and it works. Consider this thread closed!

P.S Render is a phenomenal hosting platform.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.