We are trying to setup SSO authentication in our website, we have a particular escenario where we use the same app but with different access sub domains, like this:
Site A → a.example.com
Site B → b.example.com → proxy to a.example.com/path
We want to authenticate an user in a.example.com and reuse the same session in all subdomains.
However we are struggling with this setup because for some reason the user session information is lost when we change of subdomain, example:
Site A → a.example.com: User is logged and session is created
Site B → b.example.com: User change to site B and user information is lost (domain session cookie is still present)
Site A → a.example.com: User return to site A and user information is available again.
We added the cookie domain .example.com in our frontend client but still we have some issues when the app tries to access the user information in a different subdomain.
Has anyone done something similar?