Confused by API when using across two applications on same domain

[mildfuzz]

I have two applications (myApp1 and myApp2)

They share secrets with a shared vault store, both apps run on the same domain (myApp1 at https://myapp.com/, myApp2 at https://myapp.com/myApp1)

User first goes to myApp1, which handles logging them in and populating some session data, they are then sent to myApp2

The trouble I have is when I try to read the session from myApp2 using getIronSession, the value is undefined. BUT when I use unsealData to access the value from the cookie, I can see values.

I feel like I am misunderstanding the intention of the library here. Any assistance would be great :)

[mildfuzz]

Edited to add more context

[mildfuzz]

So it appears when I run it locally, it works as expected

[vvo]

@mildfuzz it would be tremendous to have a github repository I can run to help you out, for example a create-next-app simple repo https://nextjs.org/docs/pages/api-reference/cli/create-next-app with the structure of /app1 /app2 and what you expect to happen in more details. thanks!

[mildfuzz]

okay, so further investigation and it might not be so trivial. If I run locally by following following procedure:

• Run myApp1 on localhost:3000, populate session
• Kill myApp1
• Run myApp2 on localhost:3000/myApp2
  I can see that getIronSession works as expected

however, when I run in an environment, I can only get the values using unsealData

I have tried running both apps in prod mode locally to see if that's the different, but it works in that scenario too.

So there is something different in the deployed version that affects this and I am struggling to identify it.

[mildfuzz]

So raising dummy repos might not solve this...