@tbvgl Helped me identify that the root fix should be in Wappler’s middelware so I’m summoning @patrick @George
Core problem:
-
I login on
maindomain.com
,siteSecurity2.auth
cookie is set on.maindomain.com
and I’m logged in in this session, I see cookie:siteSecurityId: 1
in the redis session. -
I navigate to
sub.maindomain.com
- it automatically logs me in (thanks to the .auth cookie) -
I logout on
sub.maindomain.com
- it removes the.auth
cookie and my session is not logged in in redis (no siteSecurityId) -
I go to
maindomain.com
and i’m still logged in in the session, BUT the.auth
cookie is gone -
I go to
sub.maindomain.com
and I’m NOT logged in. Because the.auth
cookie is missing and I was logged out of the session in step 3.
Desired: when logging out on a subdomain, it logs me out of the session on the main domain and any other subdomains
Extra info:
- Using nodejs and redis
- The cookie options at the security provider are set to
.maindomain.com