Hosted Backend support for separate apps on subdomains of a common apex domain #2479

@todda00

Problem

We have separate environments running at subdomains:

dev.example.com
staging.example.com
preproduction.example.com
app.example.com

Each site is its own application, own tenant, pointed to a common FA server.

When I log in to dev.example.com and, using the same browser, log in to preproduction.example.com, the cookies which are associated with the apex domain (app.at, app.rt, app.at_exp, app.idt) are overwritten by each other. This causes the app to send the user to the login screen anytime they are switching between apps.

Solution

Ideally this cookie name prefix (app) would be configurable per tenant and/or application so that when the cookie is written it does not conflict with other applications sharing the same apex domain.

Alternatively (and probably a lower-friction change), the cookie name could use the client ID of the application as the prefix, which would already be present when sending the user to /app/login for the hosted backend usage.

I realize this would require changing how cookies are retrieved for a backend expecting app.at. Perhaps this application prefixing would have to be an opt-in feature configured at the application (or tenant) level so that existing usage would not be broken.

Alternatives/workarounds

The only alternative is to bring up our own hosted backend, store the cookies with unique names per application, and use less of the built-in functionality of the React SDK (since it relies on app. prefixed names and these would be different). Or live with it, and the user experiences a bit of a bounce when switching between apps.

Additional context

This info is related but still not specifically part of this request: since we are cloud hosting FA, I did set up separate custom domains for each app (auth-dev.example.com, auth-preproduction.example.com). This allowed the "remember my device" and SSO functionality to work properly. Without doing this, and with all the apps pointing to a single subdomain auth.example.com, the users had to re-login when moving between apps. Now they just experience a slight bump, but SSO takes care of the user getting re-authenticated automatically.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
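
The collision reported in this issue, modelled as an added example (not FusionAuth or React SDK code, and not part of the original post). It assumes the cookies are written with Domain=example.com, as the issue describes; the `CookieJar` class, client IDs and token values are constructed placeholders.

```javascript
// Minimal browser cookie store. Per RFC 6265 a stored cookie is identified
// by (name, domain, path); setting the same triple again replaces the value.
class CookieJar {
  constructor() { this.store = new Map(); }

  set(name, value, domain, path = "/") {
    this.store.set(`${name};${domain};${path}`, { name, value, domain });
  }

  // Cookies a browser would attach to a request for `host`
  // (domain-match: exact host or any subdomain of the cookie's domain).
  cookiesFor(host) {
    const out = {};
    for (const c of this.store.values()) {
      if (host === c.domain || host.endsWith("." + c.domain)) out[c.name] = c.value;
    }
    return out;
  }
}

const APEX = "example.com"; // assumed Domain attribute on the app.* cookies

// Constructed sample data: two of the environments from the issue.
const apps = [
  { host: "dev.example.com", clientId: "client-id-dev", token: "token-dev" },
  { host: "preproduction.example.com", clientId: "client-id-preprod", token: "token-preprod" },
];

// Log in to each app in turn in the same browser, naming the access-token
// cookie with `nameFor(app)`, then return what dev.example.com receives.
function cookiesSeenByDev(nameFor) {
  const jar = new CookieJar();
  for (const app of apps) jar.set(nameFor(app), app.token, APEX);
  return jar.cookiesFor("dev.example.com");
}

// Current behaviour: fixed "app.at" name, so the second login overwrites the first.
function sharedPrefix() {
  return cookiesSeenByDev(() => "app.at");
}

// Proposed behaviour: client ID as prefix, so the names no longer collide.
function clientIdPrefix() {
  return cookiesSeenByDev((app) => `${app.clientId}.at`);
}

console.log(sharedPrefix(), clientIdPrefix());
```

With unique names both cookies survive, but because they are still scoped to example.com, every subdomain continues to receive the other environments' tokens; only the overwrite goes away.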
