0

I am trying to implement a feature similar to Slack where my application is a multi-tenant app, and a user can be logged into multiple accounts. Each account will be tied to a different domain. If logged into 2 different accounts, the user should be able to switch back and forth between the accounts. Also, the sessions should be managed independently. If one session expires, and the user needs to log in, that expired session should not affect the other active sessions.

The issue I am seeing is that the different domain sessions override each other. This is a React frontend with Okta.

Thanks for your time.

Jessie

1 Answer

0

There are some gaps which require details, but here are a few pointers that might help you.

Post authentication, you should be storing the authentication information, like the session expiry and username, in some form (local / session storage).

If I log in to your application and choose a domain like (acme.com), the session information should be stored in a key like acme.com or hash(acme.com), so that however many domains I log into, there will be unique keys to identify sessions and there will be no conflict of keys.

Once the domains are changed (like you switch workspaces in Slack), there will be a new login session established (first time), which sets up the session information as described above.

For every workspace / domain change, the authentication libraries would be called and they would validate the stored session information, which gives the right data and expiry, and the user gets to use the application without issues.

Do share your implementation details or any issues you had if you implemented this solution.

Saravanan
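
The per-domain keying described in the answer above, as an added example that is not part of the original answer and not an Okta API: each domain gets its own storage key and its own expiry check, so an expired session for one domain leaves the others untouched. The `session:` prefix, the function names, the second domain and the sample users are assumptions; `MemoryStorage` stands in for `window.localStorage` so the code runs offline.

```javascript
// In-memory stand-in for the Web Storage interface (getItem/setItem/removeItem).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

const PREFIX = "session:"; // hypothetical key namespace

// Normalise the domain so " Acme.com " and "acme.com" share one key.
function normalise(domain) { return domain.trim().toLowerCase(); }
function sessionKey(domain) { return PREFIX + normalise(domain); }

// Store only session metadata (username, expiry) under the domain's own key.
function saveSession(storage, domain, username, expiresAt) {
  const record = { domain: normalise(domain), username, expiresAt };
  storage.setItem(sessionKey(domain), JSON.stringify(record));
}

// Return this domain's record, or null if it is missing, malformed or expired.
// An invalid record is removed; records for other domains are never read or written.
function loadSession(storage, domain, now = Date.now()) {
  const key = sessionKey(domain);
  const raw = storage.getItem(key);
  if (raw === null) return null;
  let rec = null;
  try { rec = JSON.parse(raw); } catch (e) { rec = null; }
  const valid = rec !== null && typeof rec === "object" &&
    rec.domain === normalise(domain) &&
    typeof rec.expiresAt === "number" && rec.expiresAt > now;
  if (!valid) { storage.removeItem(key); return null; }
  return rec;
}

// Workspace switch: reuse a valid session, otherwise ask for login on that domain only.
function switchWorkspace(storage, domain, now = Date.now()) {
  const s = loadSession(storage, domain, now);
  return s ? { domain: s.domain, status: "active", username: s.username }
           : { domain: normalise(domain), status: "login_required" };
}

// Constructed sample data: two sessions with different lifetimes.
function demo() {
  const storage = new MemoryStorage();
  const t0 = 1700000000000;
  saveSession(storage, "acme.com", "jessie@acme.com", t0 + 60000);
  saveSession(storage, "example.org", "jessie@example.org", t0 + 3600000);
  const later = t0 + 120000; // acme.com has expired, example.org has not
  return [switchWorkspace(storage, "acme.com", later), switchWorkspace(storage, "example.org", later)];
}
```

Anything placed in local or session storage is readable by any script running on the origin, which is why the record here holds only the username and expiry. The stored expiry decides what the UI shows; whether the session is still valid is for the identity provider to say.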