Cross-domain login allows your members to stay logged in as they navigate between your different domains and subdomains that have Memberstack installed. This creates a seamless experience where users don't need to repeatedly log in when moving between your websites.
Important: Cross-domain login works for sites that share the same root domain (e.g., yoursite.com and app.yoursite.com). It does not support completely different domains (e.g., yoursite.com and yourothersite.com).
How Cross-Domain Login Works
By default, Memberstack uses browser localStorage for authentication, which is domain-specific and cannot be shared between different domains or subdomains. Cross-domain login works by:
- Switching from localStorage to cookies for authentication
- Setting those cookies on the root domain so they're accessible to all subdomains
- Using secure, HTTP-only cookies to maintain the authentication state
Prerequisites
Before enabling cross-domain login, ensure you have:
- Custom Domains configured in your Memberstack settings
- SSL certificates (https) for all domains where Memberstack is installed
- The same Memberstack account and App ID used across all sites
Warning: If you don't set up Custom Domains correctly in Memberstack settings first, cross-domain login will not work properly.
Implementation Guide
Option 1: Standard Memberstack Installation
Add the following code above your existing Memberstack installation script on all websites where you want cross-domain login:
<script>
const memberstackConfig = {
useCookies: true,
setCookieOnRootDomain: true
}
</script>Example of complete implementation:
<!-- Step 1: Add the configuration script FIRST --
<script>
const memberstackConfig = {
useCookies: true,
setCookieOnRootDomain: true
}
</script>
<!-- Step 2: Keep your existing Memberstack installation script --
<script data-memberstack-app="YOUR_APP_ID_HERE" src="https://static.memberstack.com/scripts/v1/memberstack.js"></script>Option 2: DOM Package Implementation
If you're using the Memberstack DOM package, add the configuration options to your init function:
memberstackDom.init({ publicKey: "YOUR_PUBLIC_KEY", useCookies: true, setCookieOnRootDomain: true // other options... })
Testing Cross-Domain Login
After implementation, follow these steps to verify cross-domain login is working:
- Open your main domain (e.g.,
yoursite.com) in a browser - Log in with a test account
- In the same browser, open your subdomain (e.g.,
app.yoursite.com) - Verify you're automatically logged in
- Check browser cookies to confirm
_ms_cookieand_ms_midare set for.yoursite.com(note the leading dot)
Troubleshooting Cross-Domain Login
Based on customer feedback, these are the most common issues customers encounter with cross-domain login:
Login Not Persisting Between Domains
- Check Custom Domains: Verify you've added all domains in Memberstack's Custom Domains settings
-
Verify Cookie Settings: Open browser dev tools and check that
_ms_midcookie is set for the root domain (.yoursite.com) with the leading dot -
Check Script Order: The
memberstackConfigscript must appear before the Memberstack installation script - Verify HTTPS: All domains must use HTTPS for secure cookies to work properly
Social Login Not Working with Cross-Domain
When implementing cross-domain login, social authentication (like Google, Facebook) may encounter issues due to cookie settings and redirects.
- Ensure
SameSitecookie attributes are properly set - Check that redirect URIs in your social provider settings match your domains
- For mobile-specific issues (especially Android), ensure proper handling of redirects
Logout Not Working Properly
If logging out doesn't work consistently across domains:
- Make sure the logout function is called with the proper context
- After logging out, verify all Memberstack cookies are being removed
- Use
await window.$memberstackDom.logout()to ensure proper logout
Browser-Specific Issues
Different browsers handle cookies differently:
- Safari has stricter tracking prevention which can affect cross-domain cookies
- Mobile browsers may have different cookie policies
- If testing in incognito/private mode, some cookie features may be restricted
FAQ
Can I use cross-domain login between completely different domains?
No, cross-domain login is designed for domains sharing the same root domain (e.g., yoursite.com and app.yoursite.com). For completely different domains, users will need to log in separately on each site.
Can I set different redirect URLs for each domain?
Yes, but this requires using form-level redirects according to Memberstack's redirect hierarchy. Since there are no domain-specific redirect settings, you need to configure redirects on the forms placed on each domain:
Redirect Hierarchy in Memberstack:
- Default redirects: Affects all members on your site
- Plan-level redirects: Overrides default redirects for specific plans
- Member-level redirects: Customized for individual members
- Form-level redirects: Highest priority, set on specific forms
To achieve domain-specific redirects:
- For
yoursite.com: Add form-level redirects to forms on this domain (e.g.,/dashboard) - For
app.yoursite.com: Add different form-level redirects to forms on this domain (e.g.,/app-dashboard)
Note that all redirects must be relative links. You cannot redirect to another website or subdomain after signup, login, checkout, or logout.
For most projects, we recommend using default and plan-level redirects for simplicity, unless you specifically need different behavior on different domains.
Will this affect my website's security?
Cross-domain login uses secure HTTP-only cookies, which are a standard security practice. However, ensure all domains use HTTPS to maintain security, as cookies with the secure flag will only work on HTTPS sites.
How does this affect GDPR compliance?
If you're using cookie consent banners or GDPR compliance tools, you may need to whitelist Memberstack cookies. See our GDPR/CCPA cookie documentation for more details.
Technical Details for Developers
For those implementing custom solutions or troubleshooting advanced issues:
- Cross-domain login sets the following cookies on the root domain:
-
_ms_mid: Member ID token -
_ms_cookie: Authentication session cookie
-
- These cookies are HTTP-only and secure to prevent client-side JavaScript access
- Cookie max-age is set to maintain session for extended periods
- The
SameSiteattribute is set to ensure proper cross-subdomain functionality
Comments
21 comments
Josh Lopez when will this be available in the memberstack/dom package? thanks.
Hey Suhail Razzak 👋
It is available now! In the init function you would need to add two additional properties like:
memberstackDom.init({ ... useCookies: true setCookieOnRoot: true })Thank you! Will check it out 👍
Hello I'm almost there thanks for this feature, but now I want to GATE the entire subdomain. How to do it please ?
When I add the script I get "Access blocked: This app's request is invalid" error when using Google SSO. Also website becomes not secure in the browser.
I think this is because I have a reverse proxy and it breaks something.
(Custom domain was set up correctly and it works just fine)
Hi Josh. Thanks for putting together this guide. Have you tested this with the React package? https://developers.memberstack.com/docs/react-package#memberstack-provider
I might have expected that you could pass in the same two config options as you would to memberstackDom:
memberstackDom.init({...
useCookies: true
setCookieOnRoot: true
})
when initializing the <MemberstackProvider config={config}/> but it doesn't seem to have an effect. The `_ms-mid` cookie is still getting written for the subdomain, and not the root domain.
Hey, I have set up custom domains for our site but for some reason the production webflow site, is now not able to retain it's login state. As soon as I login, it logs me out. i.e the logout button is not visible anymore and _ms_member cookie is also gone. Used to not happen before setting up custom domain and doesn't happen on staging site either.
Hey Simran Sidhanti
I haven't seen this come up. What is your url so i can take a look?
https://www2.microburbs.com.au/memberstack/memberstack
https://microburbsstaging.webflow.io/memberstack/memberstack
Hey Josh Lopez this is the production and staging webflow url. I am just testing the MS login system so ignore the design.
Simran Sidhanti
It looks like you found something we didnt account for! We just updated the code and you should be good to go now. I just tested and its working for me.
Josh Lopez
Hey Josh. Thanks for the quick fix, the cross domain login is working well now. But the logout functionality has stopped working now. Whenever I click the logout button, it still keeps the user logged in. If you could have a look at that, that would be great. Cheers
Simran Sidhanti
I just took a look and i didnt see a logout button. I did use await window.$memberstackDom.logout() in the console and was able to logout so it should work if a logout button is added because thats the code it uses.
Josh Lopez
There's a logout button at the bottom right. And even though you using your await window.$memberstackDom.logout() code says it's logged out, the logout button still remains there which gets hidden if the user is actually logged out.
https://cdn.discordapp.com/attachments/912694468031950868/1192358469991420005/image.png
You can also confirm that by looking at the ms_member key in the local storage. Which is absent when logged out. If you wanna confirm logged out button gets hidden upon logging out, you can check our staging site on which it gets removed. But in custom domain one, it immediately logs you back in.
We just released a fix for this! Everything should be good to go now! :)
I seem to understand that cross chain is only for subdomain of the same root...for true cross chain retaining the sign in.
we are trying to build a media content network of multiple brands but seamlessly have the same paid member user base have access to the all te paid content across our brands.
Can I use the same memberstack account for membership sign up form and login pages on multiple websites techincally without cross chain semaless? Like each ones requires independent logins and i create the individual plans and gated access for each?
i.e.
abc.com > user sign up/sign in > free plan abc > gain access permission to gated bonus content on abc.com
abc.com > user sign up/sign in > paid members plan > gain access permission to both free gated bonus content > also gain access to exclusive paid only content for abc.com
I install same account code to site def.com. The user has to login in separately and can not go back and forth between abd.com and def.com logged in to both seamlessly.
def.com > user sign up/sign in > free plan def > gain access permission to squarespace membersite gated bonus content on def.com
def.com > user sign up/sign in > paid members plan A > gain access permission to gated free bonus content > also gain access to gated exclusive paid only content for def.com
So can members can get access to either site like that?
Hi, I have a question:
What if a user logs into subdomain1.yoursite.com, then goes to subdomain2.yoursite.com, will the user still be logged in over there?
I have domains currently hosted on heroku and have CNAME records that point from my sub domain the the heroku domain. I am unable to add another CNAM record for my sub domain. Any help would be greatly appreciated. I have spent days on this problem and have not been able to find a solution.
Hi,
my 2 subdomains are as follows:
subdomain1 (where users create their account) is NextJs where I've adjusted layout.tsx to include these variables:
<MemberstackProvider config={{publicKey: process.env.NEXT_PUBLIC_MEMBERSTACK_PUBLIC_KEY as string,
useCookies: true,
setCookieOnRootDomain: true
}}>
subdomain2 is a Circle.so community. Since i'm using Cloudflare, I attempted to add the javascript snippet through Zaraz (which should add it to the head via proxy)
Needless to say it's not working. When my users create an account on subdomain1, i redirecto them to circle's auth login (on subdomain2) which routes them to the Memberstack hosted auth page (also on my subdomain)
So everything is on the same domain. My expectation is at most the user will just have to "authorize" the connection between MS and Circle but not have to log in again.
thanks for your help!
Yoav Schwartz On the subdomain2, did you install the script with the data-memberstack-use-cookies attribute?
```
<script data-memberstack-app="APP_ID_HERE" data-memberstack-use-cookies src="https://static.memberstack.com...." type="text/javascript"></script>
```
Because if not then the subdomain2 might still be using localStorage for session detection.
More information on this: https://docs.memberstack.com/hc/en-us/articles/14958076984347-Override-Memberstack-to-use-cookies-instead-of-local-storage
subdomain2 is hosted by circle.so, where i have SSO with Memberstack enabled, which means it must already have memberstack installed.
So the script i have injected with Zaraz (Cloudflare) is:
i just tried adding the installation script itself with the suggested data attribute, but that didn't work either. Once the user hits subdomain2 (circle.so) they get redirected to auth (subdomain3)
Is possible to have a separate login redirect for each specific website? For example:
Users sign ups on abc.com > redirected to abc.com/dashboard
User signs up on pro.abc.com > redirected to pro.abc.com/dashboard
I want in both sign ups to be assigned the same plan id.
Please sign in to leave a comment.