
I'm developing a Single Sign On server using Spring OAuth2. My demo app includes 1 sso-server and 2 client apps (both clients are either Spring apps with @EnableOAuth2Sso or Angular 5 apps). It works in the basic case:

  1. An unauthenticated user opens app1/home -> redirect to oauth2/login -> login success -> redirect to app1/home
  2. The user opens app2/home -> he doesn't need to log in and opens app2/home immediately.

But the problem appears with the following flow:

  1. An unauthenticated user opens app1/home -> redirect to oauth2/login (the user doesn't log in immediately)
  2. The user opens app2/home -> redirect to oauth2/login (the user also doesn't log in immediately)
  3. The user logs in to app1 -> he is unintentionally redirected to app2 home
  4. The user logs in to app2 -> he is unintentionally redirected to the SSO server home

And the error chain would continue when I add app3, app4... In summary, when I open many login browser tabs in parallel and then actually log in to one of them, I am redirected to the last app that I opened.

Could anyone please give me some suggestions?

user123

1 Answer

This is a cookie problem: with the same browser, the session cookie created and set by Spring at point 2 overwrites the cookie at point 1.

Continuing in the chain, at point 3, user1 logs in with the cookie of user2, and for this reason it redirects to app2 home.

Gianluca Pinto
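The following simulation is an added example, not code from the question or the answer. It models the mechanism behind the overwrite the answer describes: Spring Security's HttpSessionRequestCache keeps a single saved request per HTTP session, and every tab of one browser shares the SSO server's session cookie, so the last unauthenticated /oauth/authorize request wins and is consumed by the first successful login. The class and the app/server URLs are this example's own assumptions.

```python
"""Model of one SSO-server session shared by several browser tabs.

Assumed behaviour (Spring Security defaults): an unauthenticated request is
stored in the session under SPRING_SECURITY_SAVED_REQUEST (one slot per
session), and a successful login redirects to that saved request, removing
it, or to the default target URL when no saved request exists.
"""

SAVED_REQUEST_KEY = "SPRING_SECURITY_SAVED_REQUEST"
DEFAULT_TARGET = "https://sso.example/"  # assumed default-target-url of the server


class SsoServerSession:
    """One object per browser (per session cookie), NOT per tab."""

    def __init__(self):
        self.attributes = {}
        self.authenticated = False

    def authorize(self, client_login_uri):
        """Unauthenticated GET /oauth/authorize for a client.

        The request is saved so it can be replayed after login, then the user
        is sent to /login. A second call from another tab overwrites the slot.
        """
        if self.authenticated:
            return client_login_uri
        self.attributes[SAVED_REQUEST_KEY] = client_login_uri  # last writer wins
        return "/login"

    def login(self):
        """Successful POST /login: replay and remove the saved request,
        otherwise fall back to the default target (the SSO server home)."""
        self.authenticated = True
        saved = self.attributes.pop(SAVED_REQUEST_KEY, None)
        return saved if saved is not None else DEFAULT_TARGET


def reproduce_question_flow():
    """Replays steps 1-4 of the question and returns the two login redirects."""
    browser = SsoServerSession()
    app1, app2 = "https://app1.example/login", "https://app2.example/login"
    assert browser.authorize(app1) == "/login"  # tab 1: login form shown, not submitted
    assert browser.authorize(app2) == "/login"  # tab 2: overwrites tab 1's saved request
    after_first_login = browser.login()   # form submitted in tab 1 -> app2, not app1
    after_second_login = browser.login()  # form submitted in tab 2 -> server home
    return after_first_login, after_second_login
```

Running `reproduce_question_flow()` returns the app2 URL for the first login and the server home for the second, which is exactly the sequence in points 3 and 4 of the question.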