We have a Grails application in which Spring Security's switch_user feature is working only on our dev and staging environments, but not in production.
Whenever we try to use
- dev environment (http://localhost:8080) -> Everything fine
- staging environment (https://app-staging.domain.com) -> Everything fine
- production environment (https://app.domain.com) -> Can't
Current versions for all environments:
- Grails: 2.2.1
- Spring Security Core: 188.8.131.52
All Spring Security plugin configurations are the same for all environments; there are no specifics for each one.
Cookies created by Spring Security are present on both the staging and production environments.
Staging and production environments are both running on AWS ElasticBeanstalk, each one with separate VPCs, subnets, security groups and databases. We have gone through each AWS resource looking for differences, but we have found none so far.
We also looked for differences in the database table structure of both the staging and production environments. None found.
DNS routing to AWS environment URLs is done equally for both staging and production.
There's something that we don't really understand yet. If we create another production environment, with the same AWS configurations as the original, and point it to a different sub-domain, e.g. https://app-temp.domain.com, then switch_user works, just for a while. That is, we can use the feature, but after some time it stops working again.
We don't know where else to look. Any hints on what the issue could be?