Technical question for the heavy hitters here. We changed our domain from domain.com to app.domain.com. Unfortunately, this has caused everyone that was logged in via LinkedIn to no longer be able to log in without manually clearing their cookies. We have about 1500 users that are experiencing this issue, most of whom cannot be bothered to read an email about clearing their cookies. Is there a way to trigger invalidation of prior cookies and set new ones?
The way we enable users to stay logged in is via a cookie. Cookies have to be set on URLs, so setting it for yourapp.io is different than setting it for subdomain.yourapp.io. When you migrate from a domain to a subdomain, your users will still have the cookies from the old domain, hence leading to the behavior your end users are seeing.
We recommend that users clear their cookies, and the good news here is that it should only affect each user once. Alternatively, they can use a browser that they don’t typically use.
I certainly understand it can be difficult to guide users to delete cookies. I’ve found this article on how to remove cookies from a single site in Chrome, IE, Firefox, Safari, or Opera that you might find helpful for guiding your users on how to do this. Here’s a snippet from the article:
Chrome: Select Menu > Settings > Site Settings > Cookies and site data > See All Cookies and Site Data. Find the site and click trash.
Firefox: Go to the site for which you want to clear cookies, click the padlock next to the URL, and select Clear Cookies and Site Data.
Safari: Go to Safari > Preferences > Privacy > Manage Website Data. Choose the website and select Remove.
Given this bug goes deep into the workings of cookies and subdomains, it is a sensitive and more time-intensive project because of the potential consequences, so this is something we plan on tackling in the long term.
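The cookie scoping described in the reply above, as an added example that is not part of the original thread or the platform's own code: it models which stored cookies a browser sends to domain.com versus app.domain.com, and builds the Set-Cookie value a server would use to expire one. The cookie names and the jar are constructed, and whether the old login cookie was domain-wide or host-only is an assumption the thread does not settle.

```javascript
// Added example. Cookie names and the jar below are constructed for illustration.
// Domain matching follows RFC 6265 section 5.1.3.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  // IP literals never suffix-match; names match only on a label boundary,
  // so "notdomain.com" does not match "domain.com".
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// hostOnly means the cookie was set without a Domain attribute:
// the browser returns it to that exact host and to no subdomain.
function cookiesSentTo(host, jar) {
  const h = host.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? h === c.domain : domainMatches(h, c.domain)))
    .map(c => c.name);
}

// Set-Cookie value that expires a stored cookie. Name, Domain and Path must
// equal the stored cookie's, otherwise the browser stores a second cookie.
// A host-only cookie gets no Domain attribute and has to be expired by a
// response served from that same host.
function expireHeader(c) {
  const attrs = [`${c.name}=`];
  if (!c.hostOnly) attrs.push(`Domain=${c.domain}`);
  attrs.push(`Path=${c.path}`, "Max-Age=0", "Expires=Thu, 01 Jan 1970 00:00:00 GMT");
  return attrs.join("; ");
}

// Constructed jar: two possible shapes of the pre-migration cookie, plus the new one.
const jar = [
  { name: "sid_domainwide", domain: "domain.com", hostOnly: false, path: "/" },
  { name: "sid_hostonly", domain: "domain.com", hostOnly: true, path: "/" },
  { name: "sid_new", domain: "app.domain.com", hostOnly: true, path: "/" },
];

console.log("sent to app.domain.com:", cookiesSentTo("app.domain.com", jar));
console.log("sent to domain.com:    ", cookiesSentTo("domain.com", jar));
console.log("expire old cookie:     ", expireHeader(jar[0]));
```

Only the domain-wide cookie follows the user to the subdomain, which is the case where a stale session value can collide with the new login.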