Working with Angularb4 etc, Cache serve, json/rest services and especially session handling with different browsers. We make apps for hospitals and the authentication is important, and other security like autologout after certain timeout etc. Now we have big problems, because %session will change the user to other on same browser, but keeping licence id. How to code app, if you don't keep the session. Different CSP app for login, and then transfering securetoken given by Cache server in every request from client?