I want to keep users authenticated across subdomains. That is perfectly doable with a shared sessions and accounts folder, but the only missing piece is setting the domain attribute on the cookie to the TLD. That is currently not possible without patching core.
Seems like an easy fix?
I’d also love that. That way the session cookie can be used in a headless setup too (with Kirby running on a subdomain).