Issue with Session Sharing Across Different Auth0 Applications and Domains

Setup Details:

  • New Project (Customer): Running on http://localhost:3001
  • Old Project (Main): Running on http://localhost:3000
  • Auth0 Configuration: Created separate applications in Auth0 for each project, each with its own client ID and client secret.

Problem: When a user signs up and logs in through the new project (Customer) and then opens the old project (Main) in a new tab of the same browser, the old project shows the same user logged in. This issue does not occur when using a different browser or an incognito tab.

What I’ve Tried:

  • Verified that each application has its own client ID and client secret.
  • Ensured that Auth0 applications are configured with the correct callback URLs, logout URLs, and web origins for each domain.

Additional Information: Both applications are running locally on different ports (3000 and 3001) but share the same Auth0 account and are under the same project setup.

Questions:

  • How can I ensure that sessions are isolated between these two Auth0 applications?
  • Are there specific Auth0 configuration settings or cookie attributes that need to be adjusted to prevent this session overlap?

Hi @sajood.rehman,

Welcome to the Auth0 Community!

You could use a regular and incognito browser to isolate the sessions.

There are also no specific settings on the Auth0 side that can prevent this session overlap. The best way to test separate sessions, like in this scenario, is to use a regular and incognito browser.

Let me know if you have any questions.

Thanks,
Rueben

1 Like
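The browser behaviour behind the question's setup, as an added example that is not part of the original posts and is not Auth0 or SDK code: cookies are scoped by host and path, never by port (RFC 6265), so `localhost:3000` and `localhost:3001` share one cookie jar. It assumes each app keeps its login state in its own cookie; the cookie names and values are constructed, and the model does not cover the session the Auth0 tenant itself keeps for the browser.

```javascript
// Minimal model of browser cookie scoping (RFC 6265), added for illustration.
// A cookie is keyed by name + host + path; the port is never part of the key.
// Cookie names and values below are constructed for this example.

function setCookie(jar, originUrl, header) {
  const { hostname } = new URL(originUrl); // the port is discarded here
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  const pathAttr = attrs.find((a) => a.toLowerCase().startsWith("path="));
  const path = pathAttr ? pathAttr.slice(5) : "/";
  jar.set(`${name}|${hostname}|${path}`, { name, value, hostname, path });
}

function cookiesFor(jar, requestUrl) {
  const { hostname, pathname } = new URL(requestUrl);
  const sent = {};
  for (const c of jar.values()) {
    // Host-only match plus a simplified path-prefix match; no port comparison.
    if (c.hostname === hostname && pathname.startsWith(c.path)) sent[c.name] = c.value;
  }
  return sent;
}

// Case 1: both apps use the same cookie name, so the app on port 3000
// receives the session cookie that the app on port 3001 set.
function sharedNameDemo() {
  const jar = new Map();
  setCookie(jar, "http://localhost:3001/callback", "session=customer-user; Path=/; HttpOnly");
  return cookiesFor(jar, "http://localhost:3000/");
}

// Case 2: each app uses its own cookie name and reads only that name.
// Both cookies are still sent to both ports, but neither app mistakes
// the other's cookie for its own session.
function distinctNameDemo() {
  const jar = new Map();
  setCookie(jar, "http://localhost:3001/callback", "customer_session=customer-user; Path=/; HttpOnly");
  setCookie(jar, "http://localhost:3000/callback", "main_session=main-user; Path=/; HttpOnly");
  const sent = cookiesFor(jar, "http://localhost:3000/");
  return { sent, mainReads: sent["main_session"] };
}

console.log(sharedNameDemo());
console.log(distinctNameDemo());
```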
