Enabled cross-subdomain console sessions by making the cookie domain configurable and aligning the frontend so it reads the shared CSRF cookie. (#27190)

docker/.env.example

@@ -348,6 +348,11 @@ WEB_API_CORS_ALLOW_ORIGINS=*
 # Specifies the allowed origins for cross-origin requests to the console API,
 # e.g. https://cloud.dify.ai or * for all origins.
 CONSOLE_CORS_ALLOW_ORIGINS=*
+# Set COOKIE_DOMAIN when the console frontend and API are on different subdomains.
+# Provide the registrable domain (e.g. example.com); leading dots are optional.
+COOKIE_DOMAIN=
+# The frontend reads NEXT_PUBLIC_COOKIE_DOMAIN to align cookie handling with the API.
+NEXT_PUBLIC_COOKIE_DOMAIN=
 
 # ------------------------------
 # File Storage Configuration