yii2-usuario
Authentication shared between sites on the same host
What steps will reproduce the problem?
- Configure two applications on the same domain (i.e. `localhost`).
- Switch identity on one of the two applications.
- Load the second application: auth is lost, probably because the switched user doesn't exist on this app.
What is the expected result?
Authentication should be application-dependent, not related to hostname.
Whenever I switch identity on Site A I get logged off on Site B (which is still running dektrium's tools!)
Is this issue referring to 2 apps on:
- different subdomains, i.e. `one.localhost` and `two.localhost`
- main domain and its subdomain, i.e. `localhost` and `two.localhost`
- same exact domain or subdomain and different root in subfolder, i.e. `localhost/one` and `localhost/two`

?
Last example, very same host and different subdir
Hmmm, this is the behaviour I would expect really, although I would expect different subdomains/domain in first 2 scenarios to see it as a different app, because client cookies are domain/subdomain-specific. Maybe we can configure an extra parameter to instruct Usuario module of the specific domain and url pattern for each configured app?
I'd use app id to generate a unique session identifier.
Maybe it's not a common case to have two apps on the same domain, but I don't see any drawback in adding this
I also believe it is the expected behavior. Nevertheless, what's your proposed solution?
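
The per-application session identifier suggested in the thread, sketched as Yii2 configuration for the `localhost/one` and `localhost/two` layout. This is an added example, not code from yii2-usuario or from the participants: `scopedAuthComponents()`, the `SESS-` prefix and the app ids are assumptions, while the `session`, `user` and `request` properties it sets are standard Yii2 component options.

```php
<?php
// Added example. scopedAuthComponents() is a hypothetical helper, not part of
// Yii2 or yii2-usuario; it only fills in existing Yii2 component properties.

function scopedAuthComponents(string $appId, string $basePath): array
{
    // Restrict the suffix to characters that are safe in cookie/session names.
    $suffix = preg_replace('/[^A-Za-z0-9_-]/', '', $appId);
    if ($suffix === '') {
        throw new InvalidArgumentException('Application id yields an empty cookie suffix.');
    }
    // Normalise "/one/", "one" and "/one" to "/one"; an empty base path becomes "/".
    $path = '/' . trim($basePath, '/');

    return [
        'session' => [
            // Without this, PHP's default name (PHPSESSID) and path "/" are
            // used, so every app on the host reads and writes the same cookie.
            'name' => 'SESS-' . $suffix,
            'cookieParams' => ['path' => $path, 'httpOnly' => true],
        ],
        'user' => [
            // Default name is "_identity" in every Yii2 app (used when
            // enableAutoLogin is on).
            'identityCookie' => ['name' => '_identity-' . $suffix, 'path' => $path, 'httpOnly' => true],
        ],
        'request' => [
            // Default CSRF parameter and cookie name is "_csrf".
            'csrfParam' => '_csrf-' . $suffix,
            'csrfCookie' => ['path' => $path, 'httpOnly' => true],
        ],
    ];
}

// Constructed app ids and paths matching the thread's third scenario.
$one = scopedAuthComponents('app-one', '/one');
$two = scopedAuthComponents('app-two', '/two');

// The two apps must never end up with the same session cookie name.
if ($one['session']['name'] === $two['session']['name']) {
    throw new RuntimeException('Session cookie names collide.');
}

echo $one['session']['name'], ' @ ', $one['session']['cookieParams']['path'], PHP_EOL;
echo $two['session']['name'], ' @ ', $two['session']['cookieParams']['path'], PHP_EOL;
```

Merge the returned array into each application's existing `components` section. Distinct names and paths stop the two apps from overwriting each other's cookies, but apps served from the same origin are not isolated from one another by cookie path.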