Cached credential reuse across subdomains prevents proper OPDS authentication prompt #608
Description
I’m running a self-hosted OPDS server with multiple libraries exposed via different subdomains, each requiring separate credentials and providing different levels of access.
Example setup:
• allbooks.mydomain.com → Full catalog (User1 credentials)
• booklist1.mydomain.com → Filtered catalog (User2 credentials)
• booklist2.mydomain.com → Different filtered catalog (User3 credentials)
Observed behavior in KyBook3:
If allbooks.mydomain.com is added first, its credentials are cached. When adding booklist1.mydomain.com, the app does not prompt for credentials and instead reuses the cached credentials for the parent domain.
While direct navigation to the filtered catalog works, users can navigate “up” in the hierarchy (via the # header link) and access broader content due to the reused credentials.
More critically, when attempting to add a second refined catalog (e.g., booklist2.mydomain.com) with different credentials, the app automatically applies the cached credentials from another subdomain. It does not prompt for authentication, resulting in a 500 error during setup because incorrect credentials are silently reused.
Expected behavior
Authentication should be scoped per catalog (or per exact host), and the app should prompt for credentials when adding a new OPDS catalog, even if another subdomain of the same parent domain already has cached credentials.
Question
Is there a way to prevent credential reuse across subdomains during initial catalog setup, or to force a fresh authentication prompt per catalog?