Hi, I'm in a situation where I have my regular user login at app.xyz.com and my admin login at admin.xyz.com. They are associated with separate tenants but point to the same API. If I log into app.xyz.com then log into admin.xyz.com from a different tab in the same browser, my session for app.xyz.com gets overwritten. app.xyz.com does not go back to the login screen ever because it is essentially still a valid session for that xyz.com. I have tried switching header auth but that does not resolve it. I looked into setting sessionTokenFrontendDomain for each tenant and redirecting to an allowed domain based on the link below but I'm not sure that is the right approach either. I am using a separate tenant for each domain and would like to have 2 separate sessions for users logged in at the 2 respective URLs. Is this possible? https://supertokens.com/docs/emailpassword/common-customizations/multi-tenancy/sub-domain-login#step-6-limiting-the-users-access-to-their-sub-domain
r
hey @robottonyc header based auth should solve this issue
are you setting sessionTokenFrontendDomain to something? You should not.
so essentially with header based auth, the admin session is isolated to the admin sub domain and the app session is isolated to the app sub domain
r
I did not try the header based auth and sessionTokenFrontendDomain combined. Testing that right now
Do I need the onFailureRedirection logic?
r
you don't need onFailureRedirection
just use header based auth, WITHOUT setting sessionTokenFrontendDomain at all
r
Man, using tokenTransferMethod AND sessionTokenFrontendDomain looks to have fixed it. I was so close but didn't try the 2 together. Thank you so much!
r
haha! well.. I'm glad it worked out