Cookie and Login Session Conflicts

Hello UNA Team,

I have two UNA instances on the same domain name. One in the root folder (my main website) and another one in a subfolder (my dev or test website). Both are UNA 13.1.0. They are separate installations with separate databases. Even paramenters in the inc/header.inc.php file (paths, passwords etc) are different.

Everything works fine. Using the same browser (e.g. Chrome) I can log into both websites as admin and work on both platforms at the same time without any issue. The problem occurs when it comes to logout. I am unable to log out from the second installation in the subforlder when the admin of the first installation in the root folder is still logged in. As a workaround: I have either to clear my browser cookies to force both admins to log out or to log out first from the root installation in order to be able to log out from the subfolder installation.

Was is supposed to work like that even when those two installations are independent?

Please could you like to investigate this issue?

Thanks

Replies (1)

· Romulus

· 2025-05-20T22:33:18+0000
In each UNA instance’s inc/header.inc.php, make sure all folder paths (like root folder, modules, cache, storage paths, etc.) point to the correct server directories corresponding to that instance. Check that BX_DIRECTORY_PATH_ROOT is different for each site in their inc/header.inc.php file. If both sites have the same BX_DIRECTORY_PATH_ROOT, they will share the same root directory, and as a result, use the same cache folders, temp directories, and other paths. This will cause conflicts with cache, sessions, and uploaded files between the two installations.
If both UNA instances (root and subfolder) have BX_DOL_URL_ROOT set to the same base domain without distinct paths (/ vs /subfolder/), their cookies share the same path /. This causes login session and logout conflicts.
How to fix:
In each instance’s inc/header.inc.php, set BX_DOL_URL_ROOT properly:
Root site:
define('BX_DOL_URL_ROOT', 'https://domain.com/');
Dev site (subfolder):
define('BX_DOL_URL_ROOT', 'https://domain.com/subfolder/');
This ensures bx_setcookie() assigns the correct cookie path, preventing conflicts.
Also, add this line in each instance’s header.inc.php if not already exist:
define('BX_DOL', 1);
Memcached cache prefix:
When using Memcached for sessions or cache, each UNA instance must use a unique key prefix to avoid key collisions.
If they share the same Memcached server without prefixes, sessions and cache entries will overwrite each other.
Nginx example configuration for Memcached key prefixes:
For the main site:
location /memcached { set $key_prefix "main_"; set $memcached_key "${key_prefix}${uri}${is_args}${args}"; memcached_pass memcache_cluster; default_type application/json; error_page 404 = /memcached_not_found; } location = /memcached_not_found { return 404 "{\"error\": \"Not found in Memcached\"}"; }
For the dev subfolder site:
location /memcached { set $key_prefix "dev_"; set $memcached_key "${key_prefix}${uri}${is_args}${args}"; memcached_pass memcache_cluster; default_type application/json; error_page 404 = /memcached_not_found; } location = /memcached_not_found { return 404 "{\"error\": \"Not found in Memcached\"}"; }
After applying these changes:
Clear all cache
Clear all Memcached cache
Restart memcache servers if needed
Test logins and logouts separately on each instance
This will isolate cookies and Memcached sessions properly, avoiding conflicts between your two UNA installations on the same domain.
Also, in Chrome’s Developer Tools, go to the Network tab, enable 'Disable cache' while testing the logout and login process, then turn it back off after testing. Make sure you’ve cleared the browser cache completely before testing.
I also have multiple test sites on the same domain but I haven't experienced any conflicts.