SSO shared between Single Page Application and Apache

In many of our applications, we use the Javascript Auth0 SDK to authenticate our users. We follow the standard pattern of checking a user session when the user arrives at the web app, meaning users are able to carry their session across all of our applications.

However, for one of our older applications that is a regular static website, we use the Apache SDK:

The problem we are having, is that the Apache SDK does not appear to check for active SSO sessions in the same way. Users who have an active session in our Single Page Applications are being asked to login again once they arrive at the regular website using Apache.

Have we implemented something incorrectly here? Is it possible for apache to check for this SSO session? I know in the Javascript Auth0 SDK, a cookie is used to associate a session, but realise that this is not possible using the Apache method.

Looking forward to hearing your thoughts.


Hi Liam

There are many possibilities here. To start with, are you using a redirect flow to log in? Which grants for both the SPA and the classic website?

Is the Auth0 cookie in the proper domain for both?

Any concrete details you provide will be helpful