Why are my users getting signed out by third-party cookie blocking?

If your frontend calls the Forte API directly, the session cookie is set on Forte's domain — a third-party cookie that modern browsers block. Every service reserves the /_forte path prefix for exactly this: point the SDK's baseUrl at https://your-service-domain/_forte and the cookie is set first-party on your own domain.

Only client-side (forte.users.*) routes travel through the prefix, and those requests don't count toward your service's logs or metrics.

Read more about this in the documentation

Related questions

Still need help?

If this didn't answer your question, our team is one message away.

Contact support