set the right domain

lib/getDomain.ts

@@ -0,0 +1,41 @@
+const PUBLIC_SUFFIX_BLOCKLIST = new Set([
+    "localhost",
+    "127.0.0.1",
+  ]);
+  
+  export function getCookieDomain(hostname: string): string | undefined {
+    if (!hostname) return undefined;
+  
+    const cleanHost = hostname.toLowerCase().split(":")[0];
+  
+    // 1. Local / dev environments → no domain
+    if (PUBLIC_SUFFIX_BLOCKLIST.has(cleanHost) || cleanHost.endsWith(".local")) {
+      return undefined;
+    }
+  
+    const parts = cleanHost.split(".").filter(Boolean);
+  
+    // 2. IP address → no domain cookies
+    const isIp = parts.every((p) => /^\d+$/.test(p));
+    if (isIp) return undefined;
+  
+    // 3. Must have at least domain + tld
+    if (parts.length < 2) return undefined;
+  
+    // 4. Handle common case: api.example.com → example.com
+    const rootDomain = parts.slice(-2).join(".");
+  
+    // 5. Safety: avoid setting cookie on known public suffix-like domains
+    const unsafeTlds = new Set([
+      "vercel.app",
+      "netlify.app",
+      "github.io",
+      "firebaseapp.com",
+    ]);
+  
+    if (unsafeTlds.has(rootDomain)) {
+      return undefined;
+    }
+  
+    return `.${rootDomain}`;
+  }