Vic

Reputation: 2706

Multiple sessions on the same browser for one single webapp

Can the same user have multiple sessions to the same app in the same browser as long as another field is added to the authentication process (email, password and website_id)?

I'm building a PHP app that allows the creation of multiple one-page websites. Each website should serve as a standalone site, with different content, but they all have the same backend. Each website has a separate set of users/customers. A user can sign up on any website, but the websites don't necessarily share a user base. This means that a user can go to site1.domain.com and register, and then would have to register again if they wish to visit site2.domain.com.

They will probably register using the same email address, so my user table allows for duplicate email addresses as long as they're not in the same website.

This is sort of a very simple CMS. Kinda like what Magento does with multiple websites running under the same instance. They also allow each separate site to have their own customer base.

I plan to use Laravel for this project. My current approach is this:

Modify the provided user authentication functionality to add the site_id field. This means the user can register with the same email address in multiple sites, and can also log in to all those sites separately. If they're logged in to site1 and visit site2, they have to log in again and have two separate sessions for what would appear to them as two different apps, but is just the one.

In theory this seems possible to me. A cookie is created for each separate subdomain once they login, which wouldn't work on a different subdomain. I feel like I'm missing something big though, I've never done something similar to this and always relied on Laravel to handle all the session stuff for me. Is this possible without some heavy hacking to the Laravel codebase?

UPDATE

These are my constraints:

Upvotes: 3

Views: 4283

Answers (1)

Jeff

Reputation: 25211

PHP sessions are tied to the domain name, so they will automatically have different sessions for each of your apps. You can use route-model binding with a custom resolution to determine the app based on the domain.

routes.php

Route::group(array('domain' => '{site}.com'), function() {
  //routes go here
});

RouteServiceProvider (in boot method)

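// Resolve the {site} route parameter to a Site model; first() returns null when no row matches.
// The leading backslash keeps the class name from resolving relative to the provider's namespace.
$router->bind('site', function ($value) {
  return \App\Site::where('custom_domain', $value)->first();
});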

This is based on the assumption that you have a Site model with a field in the database called custom_domain. All of the routes available inside the group will have access to the Site using dependency injection. You can adjust the model and field based on your app needs.

You can use the model to customize the login page for each app, and the apps will have independent sessions for each one.

I've also heard great things about the Landlord package. You use a middleware to define which Site the user is on, based on the URL. Once that is set, all Eloquent queries will be automatically scoped based on the site_id in the database. So User::all() would only return users for the current site.

Upvotes: 2
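Added example, not part of the answer above or of the asker's project: plain PHP showing a login lookup keyed on (site_id, email) and a per-request check that the site_id stored in the session matches the site resolved from the request host. Because all sites share one backend, this check keeps sessions separate even if the session cookie is ever scoped to the parent domain (the `domain` option in Laravel's session config). The function names, host map and user rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: the same email registered on two sites with different passwords.
$sites = ['site1.domain.com' => 1, 'site2.domain.com' => 2];
$users = [
    ['id' => 1, 'site_id' => 1, 'email' => 'a@example.com', 'hash' => password_hash('pw-site1', PASSWORD_DEFAULT)],
    ['id' => 2, 'site_id' => 2, 'email' => 'a@example.com', 'hash' => password_hash('pw-site2', PASSWORD_DEFAULT)],
];

// Map the request host to a site id; unknown hosts resolve to null and are refused everywhere.
function siteIdForHost(array $sites, string $host): ?int
{
    return $sites[strtolower($host)] ?? null;
}

// Authenticate against the user row for THIS site only, then record the site in the session data.
function login(array $users, array $sites, string $host, string $email, string $password): ?array
{
    $siteId = siteIdForHost($sites, $host);
    if ($siteId === null) {
        return null;
    }
    foreach ($users as $u) {
        if ($u['site_id'] === $siteId && $u['email'] === $email
            && password_verify($password, $u['hash'])) {
            return ['user_id' => $u['id'], 'site_id' => $siteId];
        }
    }
    return null;
}

// Per-request check (what a middleware would do): the session must belong to the current site.
function sessionValidForHost(array $sites, string $host, ?array $session): bool
{
    $siteId = siteIdForHost($sites, $host);
    return $siteId !== null && $session !== null && ($session['site_id'] ?? null) === $siteId;
}

$session = login($users, $sites, 'site1.domain.com', 'a@example.com', 'pw-site1');
// Session used on the site it was issued for.
var_dump(sessionValidForHost($sites, 'site1.domain.com', $session));
// Same session presented to the other site, as would happen with a parent-domain cookie.
var_dump(sessionValidForHost($sites, 'site2.domain.com', $session));
// site1's password tried against the same email on site2.
var_dump(login($users, $sites, 'site2.domain.com', 'a@example.com', 'pw-site1'));
```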
