Is Kratos suitable for microservices separated by subdomain

I have an architecture made up of apps running on GCP Cloud Run “serverless” servers, with each app located on a different subdomain - app1_product_com, app2_product_com, etc. Each app is directly exposed to the web, and is not fronted by a gateway or reverse proxy.

The cookie that holds the current user session state is shared across all of the apps via cookie setting

Can Kratos be used in this scenario? If so, how? After reading the docs, it seems that Kratos wants the entire app to live beneath one host (e.g. app_product_com).

One solution might be to use Kratos to back our identity app (id_product_com), and after a successful login/registration, set a second separate session cookie with However, keeping this new session cookie in sync with the Kratos session might be an issue.

Any solutions would be welcome. Kratos looks like a fantastic product, and I’d be happy to use it if possible.

You are correct, the entire app currently needs to reside on the same domain or on a subdomain. I think we could make a change to ORY Kratos to allow setting the session domain manually, which would allow you to have, for example,,, If you track that as an issue (or provide a PR) I’d be happy to accept the change request and merge it :slight_smile: