Setup Details:
- New Project (Customer): Running on
http://localhost:3001
- Old Project (Main): Running on
http://localhost:3000
- Auth0 Configuration: Created separate applications in Auth0 for each project, each with its own client ID and client secret.
Problem: When a user signs up and logs in through the new project (Customer) and then opens the old project (Main) in a new tab of the same browser, the old project shows the same user logged in. This issue does not occur when using a different browser or an incognito tab.
What I’ve Tried:
- Verified that each application has its own client ID and client secret.
- Ensured that Auth0 applications are configured with the correct callback URLs, logout URLs, and web origins for each domain.
Additional Information: Both applications are running locally on different ports (3000 and 3001) but share the same Auth0 account and are under the same project setup.
Questions:
- How can I ensure that sessions are isolated between these two Auth0 applications?
- Are there specific Auth0 configuration settings or cookie attributes that need to be adjusted to prevent this session overlap?