IdentityAdmin vs IdentityManager

[BruceHunter]

I setup Admin under https://localhost:44301/admin
I setup Manager under https://localhost:44301/manager

Each site is using Cookie Authentication with separate startup code.
Each site is using UseOpenIdConnectAuthentication
Each site is using AdditionalSignOutType "oidc"
Each site has their own cookie name.

using AdminHostSecurityConfiguration (Admin)
using HostSecurityConfiguration (Manager)

Admin has it's own Role name
Manager has it's own Role name

The user is given both roles in the IdSrv.

The issue is that if you login to Admin all is well. Local Storage is good and Cookie is created.

If you jump over to the Manager Url then you get an error. The cookie isn't created. You are forced to logout and then you hit back to login and all is well.

If you jump over to manager. The issue happens.

It seems to be an issue if these sites are under the same domain with sub virtual directories.

I don't think the cookie is the issue. I think that the LocalStorage key that is created first is the issue and it should be a unique name.

I can solve the issue by separating these sites to manager.domain.com or admin.domain.com (But I don't want to do that)

I hope I was clear enough.
Does anyone know how to resolve this or is this a bug?

Also, I have another site where I'm just using local storage only with oidc-client-js and don't have this issue. Seems like the cookie creations process has failed me.

[iBoonz]

Do the cookies have different names? :)

[BruceHunter]

Yes, they do indeed.

…

On Jul 29, 2017 3:45 PM, "Bert Hoorne" ***@***.***> wrote: Do the cookies have different names? :) — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#71 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADa2bk-KYeCt8NbxjcoDCO1Au0AUfsYJks5sS4vNgaJpZM4OUuzl> .