Hi guys, we have two React apps, abc.example.com and xyz.example.com, and these are talking to a single server Express app, iou.example.com. Our issue is that when we log in to abc.example.com, it automatically changes the cookie value for xyz and shows it also as logged in. We have also tried adding sessionScope value to an exact domain, but the session is still being shared.
Is there any way we can restrict this sharing?
rp_st
04/12/2023, 3:28 PM
hey @mb938328
In cookie-based auth, the cookies are attached to the API layer. In this case, since you are using the same API layer, the sessions are shared.
You can switch to using header-based auth instead and it should be isolated sessions per subdomain.
mb938328
04/12/2023, 3:30 PM
Thanks for a quick reply @rp_st, I will try this and get back to you.
rp_st
04/12/2023, 3:35 PM
oh and you should not set sessionScope and cookieDomain in this case.