MultiTenant session management for subdomains

aliihsan83 · June 19, 2016, 5:21pm

My api will serve to tenants which is seperated by subdomian for each company.
And I am trying to test if a user can connect to different companies in same browser in different tabs.
When I connect to 2 different subdomains, in the request, the last logged on subdomain’s session cookie is sent.

Request cookie for qa.localhost:3000

Request cookie for localhost:3000

As I know, in default, all cookies for subdomains are distinct if RestrictAllCookiesToDomain is not set.
And additionally, I can not see session cookie in subdomain qa :

But I can see it in default domain

Is there any setting to seperate session cookies for subdomains?

mythz · June 20, 2016, 12:54am

Rather than showing Web Inspector view, can you show the actual HTTP Headers containing the Set-Cookie and Cookie HTTP Headers for each subdomain?

aliihsan83 · June 20, 2016, 6:40am

Headers for localhost:3000 authentication

Headers for qa.localhost:3000 authentication

mythz · June 20, 2016, 6:53am

The cookies look right, if I had to guess the issue is likely your subdomain needs at lest 2 dots.

aliihsan83 · June 20, 2016, 7:07am

It does not change anything, still same issue.
http://qa.esneq.localhost:3000/ :

http://dev.esneq.localhost:3000/ :

But I will try to publish my real domain and retry again and inform you, thank you