We have multiple applications being hosted on the same domain. For all apps, the session is stored in a cookie which is on the same domain as well.
Now if a user can access more than 1 app from the same browser, then he/she is being logged out of the other apps.
Can someone guide me on how we can design the apps in such a way that session information is not overridden across multiple apps?
2 Answers
It turns out that this cookie is set from the server and we could control it from each application by configuring this extra property:
server.servlet.session.cookie.name=Your_custome_name
Cookie name is unique across all apps and across all environments.
This is tested and working.
Firstly, I’d like to mention that running multiple apps like this under the one domain should be discouraged since it could lead to security issues if one of these apps were compromised. One should use subdomains for this e.g., <app1>.<domain> then <app2>.<domain>
If you are still on this and want to achieve what you asked for, you must use the paths while setting cookies. As outlined on MDN web docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
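The following is an added example, not code from either answer: a small model of how a browser stores and sends cookies (RFC 6265), run against the original collision, the unique-cookie-name fix from the first answer, and the path-scoping fix from the second. The host `example.test`, the paths `/app1` and `/app2`, the cookie names `APP1SESSION`/`APP2SESSION` and the session values are constructed for illustration; `JSESSIONID` is the default servlet session cookie name.

```javascript
// Minimal model of browser cookie storage and matching (RFC 6265 5.1.4, 5.3).
class CookieJar {
  constructor() {
    this.store = new Map();
  }

  // A cookie is identified by (name, domain, path): a later Set-Cookie with
  // the same triple replaces the earlier value. The port is not part of it.
  set(name, value, domain, path) {
    this.store.set(`${name}|${domain}|${path}`, { name, value, domain, path });
  }

  // Path-match: identical, or cookiePath is a prefix ending on a "/" boundary.
  static pathMatches(requestPath, cookiePath) {
    if (requestPath === cookiePath) return true;
    if (!requestPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
  }

  // The name=value pairs the browser would send for this host and path.
  cookiesFor(host, requestPath) {
    return [...this.store.values()]
      .filter((c) => c.domain === host && CookieJar.pathMatches(requestPath, c.path))
      .map((c) => `${c.name}=${c.value}`);
  }
}

// Constructed scenario: the same browser logs in to app1, then to app2, both
// on the hypothetical host example.test under /app1 and /app2.
function simulate(app1Cookie, app2Cookie) {
  const jar = new CookieJar();
  const host = "example.test";
  jar.set(app1Cookie.name, "app1-session", host, app1Cookie.path);
  jar.set(app2Cookie.name, "app2-session", host, app2Cookie.path);
  return {
    sentToApp1: jar.cookiesFor(host, "/app1/home"),
    sentToApp2: jar.cookiesFor(host, "/app2/home"),
  };
}

// Same name and path: app2's cookie replaces app1's, so app1 sees an unknown id.
const collision = simulate({ name: "JSESSIONID", path: "/" }, { name: "JSESSIONID", path: "/" });
// Unique names: no overwrite, but every app receives every app's session cookie.
const uniqueNames = simulate({ name: "APP1SESSION", path: "/" }, { name: "APP2SESSION", path: "/" });
// Path scoping: each app receives only its own cookie.
const scopedPaths = simulate({ name: "JSESSIONID", path: "/app1" }, { name: "JSESSIONID", path: "/app2" });

console.log({ collision, uniqueNames, scopedPaths });
```

The `Path` attribute only limits which requests carry the cookie; it is not an isolation boundary between apps that share an origin, which is why separate subdomains remain the stronger design.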