
Laravel subdomain routing with shared session

I am building an app that has a few fixed subdomains and unlimited dynamic subdomains. For example, foo.myapp.com, bar.myapp.com, etc., where myapp.com is the main domain.

Each subdomain and the main domain are on the same Laravel project, using the same database, but when using the auth system (Breeze) from a subdomain to the main domain (myapp.com/login) I get a CSRF error every time, no matter what I try to fix it.

At first it was a CORS error, which I fixed using allowed domains. I set domain to .myapp.com in the session config file, which should (according to the documentation and multiple other sources) make the session persistent across all subdomains. My cookie name in the session config is the same for each subdomain and the main domain.

But when sending a POST request to myapp.com/login from foo.myapp.com I always get 419. I did a dump in the VerifyCsrfToken class in the method tokensMatch, and $request->session()->token() is different for each new request, but it should stay the same due to the persistent session, no? This happens when using the session driver as file and as database.

How to fix this (Laravel 10)? Lots of answers I found just say to set the domain to dot plus main domain or the driver to anything other than file. I did both, but it doesn't work.

0 likes
0 replies
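
A browser-side model of the behaviour the question turns on, as an added example that is not part of the original post: whether a session cookie is attached to a request from foo.myapp.com to myapp.com, given the cookie's Domain attribute (RFC 6265 domain matching) and the Fetch credentials mode. The function names and sample cookies are constructed for illustration; Path, Secure and SameSite are not modelled, and the hosts are assumed to be names rather than IP addresses.

```javascript
// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when they are
// identical, or the host ends with "." + domain. A leading dot is ignored.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// A cookie set without a Domain attribute is "host-only": it goes back only
// to the exact host that set it. With Domain set, subdomains match as well.
// cookie = { domain: string | null, setBy: host that sent Set-Cookie }
function cookieMatchesHost(cookie, host) {
  if (cookie.domain === null) {
    return host.toLowerCase() === cookie.setBy.toLowerCase();
  }
  return domainMatch(host, cookie.domain);
}

// fetch() defaults to credentials: 'same-origin'. Origin is scheme + host +
// port, so foo.myapp.com -> myapp.com is cross-origin even though the cookie
// Domain covers both hosts. Without the cookie the server sees no session,
// starts a new one, and the CSRF token differs on every request.
function willSendCookie(cookie, pageOrigin, requestUrl, credentials = 'same-origin') {
  const target = new URL(requestUrl);
  const sameOrigin = new URL(pageOrigin).origin === target.origin;
  if (credentials === 'omit') return false;
  if (credentials === 'same-origin' && !sameOrigin) return false;
  return cookieMatchesHost(cookie, target.hostname);
}

// Constructed sample cookies: one shared across subdomains, one host-only.
const sharedCookie = { domain: '.myapp.com', setBy: 'myapp.com' };
const hostOnlyCookie = { domain: null, setBy: 'myapp.com' };

const page = 'https://foo.myapp.com';
const login = 'https://myapp.com/login';
console.log({
  sharedDefault: willSendCookie(sharedCookie, page, login),
  sharedInclude: willSendCookie(sharedCookie, page, login, 'include'),
  hostOnlyToSubdomain: cookieMatchesHost(hostOnlyCookie, 'foo.myapp.com'),
});
```

Comparing the Cookie request header in the browser's network panel against this model shows whether the session cookie reached the server on the failing POST.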