'Request session present in private browser

I'm running an application using Play Framework and facing issues with the session data. I log in with an user in Chrome, and when I try to login with another user in firefox (even in a private tab) the request comes with a populate session, containing the same email and session id of the Chrome session. In some cases it's switching users sessions, without any of them do another login or logout.

Helpful info:

  • Our session configuration is setting the domain as localhost and the the sameSite is set to lax.
  • The request comes from the Controller Play class. And we retrieve the session like this: request.session()
javasessioncookiesplayframeworksession-cookies


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions