Cookies are not sent to CDN subdomain?


I’m running all assets on a CDN-enabled subdomain. However, I’ve found that some attachments are now returning 404. These attachments are located in a private section of the forum.

Using the browser’s dev tool I found that these attachments are now using the CDN subdomain, and cookies are not being sent, resulting in me not logged in, hence the 404. The /login or /session request (whichever set the cookie) does not have a Domain key in Set-cookie.

I found some posts before related to the problem, but nothing is clear:–t-on-the-entire-domain-not-just-my-subdomain/43254/5

At this point I’m not sure whether this is a problem with my config or a bug. Or maybe intended behavior.

I’m aware of the option ‘prevent anons from downloading files’, but I would like it to remain checked.

Please help, and thanks for the awesome software.

An example, lest I have not explained it clearly:

The forum is on, thus all session cookies are on that domain.
Assets are on
The private attachment have an address of
When I tried to download it, no cookies are being sent because that is not the same domain. So no session, no log-in, 404.

1 Like

Hello, can anyone help?