Pega cookies restricting login to multiple environments
User's requirement is allow login to multiple Pega applications (Dev/Test and so on) using same user ID in different Internet Explorer tabs. Currently user is unable to do this and browser kicks user out from first application when user logins to another second application with the Pega user ID but in a different Internet Explorer tab.
Developer env app URL: http://host1:8080/prweb
Testing env app URL: http://host1:9090/prweb
Steps to Reproduce
1. Open Dev environment application URL in Internet Explorer tab1.
2. Open Test environment application URL in Internet Explorer tab 2.
3. Perform something in Internet Explorer tab1 & notice that session in Internet Explorer tab1 is stale.
A third-party product issue.
Both Developer and Testing application servers are running in the same physical box but on different ports, hence cookies are shared.
Specification on cookie management states that only protocol and host names are considered for cookie management; ports in the URLs are not. In this case, Browser assumes that both URLs are for the same application and cookies are overwritten.
Here’s the explanation for the reported behavior:
User used hosting system's DNS name or IP for second application to differentiate between application URLs.
Once the applications URL looked different, then browser started to recognize that both these applications are different, hence cookies conflict is avoided.
Dev app URL: http://host1:8080/prweb
Test app URL: http://<DNS of host1>:9090/prweb OR http://<IP of host1>:9090/prweb
0% found this useful