I tried to figure it out by myself, but I can’t find a solution for this:
I basically have 3 modules in my application. Each module is used as a portal (e.g.: users, companies etc.) which use their own user components and UserIdentities for authentication. A user has to be logged in into the module to access any of its controller actions (via "beforeControllerAction").
I configured the separate user components in the applications main config like this (under ‘modules’):
This way I can separate the different user sessions by defining the StateKeyPrefix. Everything works fine despite one thing. I can’t get the logout action to work properly. Everytime I use something like
it deletes EVERY session and I am logged out of all the modules.
The problem is that one should be able to have a "module A" account and a "module B" account and to be logged in in both of them at the same time with different accounts.
I need to just log out the user of the current module. Like deleting only sessions with the prefix ‘_modulename’.
I know that it would work that way, but as the modules are more or less separate applications I wanted them to have their own authentication, completely separated from the main application. I just wondered why you are able to login a user with