I figured out what was wrong and wanted to post in case it will help anyone else.

My issue was that I needed to set the credentials in order for the cross domain cookies to work. So I had to change my laravel-cors config to:

return [
    'supportsCredentials' => true,
    'allowedOrigins' => ['*'],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['GET', 'POST', 'PUT',  'DELETE'],
    'exposedHeaders' => [],
    'maxAge' => 0,
    'hosts' => [],
];

And then in my AJAX request, I had to add the appropriate parameter:

$.ajax({
    type: 'POST',
    url: 'http://api.subdomain.com/auth/login',
    xhrFields: {
        withCredentials: true
    },
    data: {
        'email': $('#email').val(),
        'password': $('#password').val()
    },
    success: function(response){
        console.log(response);
    }
});