1

I'm setting up a new dev environment on a Windows 10 Pro installation. Therefore I am exporting my Spring Boot applications as .jar files and starting them as Windows services on different ports.

  • Spring boot app 1 on port 10001
  • Spring boot app 2 on port 10002
  • and so on

I already unlocked those ports in my firewall and everything seems to be working perfectly fine.

When I log into the application on port 10001, everything seems fine as well. However, as soon as I log into another application (10002), I get automatically logged off on the 10001 application.

To sum it up, I am only able to be logged into one application at a time.

I am using a MySQL 8 Server installation. All applications have their own database schema. Additionally, I am using Spring Security for authentication.

Because all those applications are running perfectly fine on our productive server (jelastic web hosting) it should have something to do with my dev environment instead of a code issue.

zFr3eak
  • Do you save logs on some folder? – Jonathan JOhx Jan 20 '19 at 18:28
  • I am not exactly sure what your question is about. I have the logs of both running jar files in my terminals. However, there is nothing uncommon, everything seems perfectly fine. I just realised it is enough to call the /login function on one of the applications in order to log the user out of ALL applications. So calling /login on one application will force all other applications to log out too. It seems as if those applications were connected to each other, but I have no clue why. – zFr3eak Jan 20 '19 at 19:09
  • 1
    I was just thinking the problem could be the browser, because all applications share the same domain (localhost) and only differ in the port. Maybe the browser is deleting the session cookie for all applications which have the localhost domain? – zFr3eak Jan 20 '19 at 19:12
  • I wanted to know if you are logging(backend output) each session so that you can see if your backend works well, this way you can say the issue is in – Jonathan JOhx Jan 20 '19 at 20:59

2 Answers

1

As already mentioned in my comment above, the problem is not related to any software bug; instead, it's just how HTTP is defined:

"Cookies do not provide isolation by port. If a cookie is readable by a service running on one port, the cookie is also readable by a service running on another port of the same server."

Are HTTP cookies port specific?

I solved my issue by using SSL encryption and different subdomains.

zFr3eak
1

I'm happy you solved your problem. I don't think that using SSL and subdomains is the most simplistic solution to your problem though; especially if you are running automated tests in that environment, SSL might slow you down a bit.

There is a well-known address you can bind your application to: 127.0.0.1. However, most people don't know that your loopback device is actually listening on 127.0.0.1/8, in other numbers 127.0.0.1 with a netmask of 255.0.0.0, which means you can bind your services to any address in a whole class A subnet.

TLDR: try binding your application 1 to 127.0.0.2 and application 2 to 127.0.0.3. That should help with the cookies and later on, if you add monitoring ports, will make your life of managing port numbers easier.

Richard
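The behaviour both answers rely on, as an added example that is not part of the original posts: a simplified model of how a browser identifies stored cookies (name, host and path, but no port), run against the localhost ports from the question and the 127.0.0.2/127.0.0.3 addresses from the second answer. The cookie name JSESSIONID (the servlet container default), the Path=/ value and the session values are assumptions.

```javascript
// Simplified model of a browser cookie store (RFC 6265, section 5.3).
// A stored cookie is identified by name + domain + path; the port of the
// server that set it is not part of the identity.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Handle "Set-Cookie: name=value; Path=..." received from `url`.
  // No Domain attribute is modelled, so every cookie is host-only.
  setCookie(url, name, value, path = '/') {
    const { hostname } = new URL(url);          // port is deliberately ignored
    this.store.set(`${name};${hostname};${path}`, { name, value, hostname, path });
  }

  // Build the Cookie header the browser would send to `url`
  // (path matching reduced to a prefix check for this model).
  cookieHeader(url) {
    const { hostname, pathname } = new URL(url);
    return [...this.store.values()]
      .filter(c => c.hostname === hostname && pathname.startsWith(c.path))
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Constructed scenario: two apps that both issue a session cookie named
// JSESSIONID (assumed servlet default) with Path=/ when /login is called.
function loginToBoth(app1, app2) {
  const jar = new CookieJar();
  jar.setCookie(`${app1}/login`, 'JSESSIONID', 'session-of-app1');
  jar.setCookie(`${app2}/login`, 'JSESSIONID', 'session-of-app2');
  return {
    toApp1: jar.cookieHeader(`${app1}/home`),
    toApp2: jar.cookieHeader(`${app2}/home`),
  };
}

// Same host, different ports: app 2's cookie replaces app 1's, so app 1
// receives a session id it never issued and treats the user as logged out.
console.log(loginToBoth('http://localhost:10001', 'http://localhost:10002'));

// Distinct loopback addresses (or distinct subdomains): one cookie per host.
console.log(loginToBoth('http://127.0.0.2:10001', 'http://127.0.0.3:10002'));
```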