How to Handle Navigation Between Two Separate Flutter Web Applications on Same Domain with Session Management

I have two Flutter web applications running on the same server but as separate deployments. One handles authentication and the other is the main dashboard. The auth app runs on one path and the main app runs on another path.

My current setup works like this - users log in through the first app, then get sent to the second app after successful authentication. When they want to log out from the main app, I clear their session data and send them back to the login app.

Here’s what I’m using for navigation between apps:

import 'dart:html' as html;
import 'dart:js' as js;

// For login success redirect
js.context.callMethod('eval', [
  'window.location.replace("http://myserver.com:3000/dashboard/")'
]);
// For logout redirect
html.window.sessionStorage.clear();
html.window.localStorage.clear();
js.context.callMethod('eval', [
  'window.location.replace("http://myserver.com:3000/auth/")'
]);

I’ve also experimented with different approaches like html.window.location.href, html.window.location.replace(), and even tried window.open() with _self parameter. I also looked into Flutter routing solutions like Navigator.pushNamed and GoRouter but those don’t seem to work across separate applications.

The main issue I’m facing is that after logout, users can still press the browser back button and return to the main app even though their session is cleared. This creates a security issue because they can see the previous state of the app.

What’s the best way to handle this kind of cross-app navigation in Flutter web? I need to either disable the back button functionality or detect when users try to go back and force them to the login page if their session is invalid.

Any suggestions for handling this micro-frontend architecture properly would be helpful.

I had the same issue with a multi-app auth setup. Your back button problem happens because window.location.replace() doesn’t stop browsers from serving cached pages through history. Don’t just rely on navigation methods - add a session validation guard that fires immediately when your dashboard loads. This guard checks if the session’s still valid before rendering anything and kicks users back to the auth app if it’s expired. You should also set up a heartbeat between your apps using shared cookies or a central session store. That way, even if users hit the back button, they’ll hit your session check instead of seeing old cached content. Make session validation your top priority in the app lifecycle, not just something that happens during login.

Try using window.location.assign() instead of replace - it should work better for clearing history. Also make sure your dashboard checks session validity on every page load, not just initial render. That's the real fix for the back button issue tbh.

Interesting setup! You could try session validation middleware that runs on every route change. How are you storing the session tokens - httpOnly cookies or localStorage? JWT expiration checking might handle the back button issue better than messing with browser history.
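
Added example, not part of any post above: a session guard for the dashboard's index.html that runs before the Flutter bootstrap and again on every `pageshow`, so a back-button restore from the browser's back/forward cache is also checked. The storage key `session_token`, the JWT with an `exp` claim, and the function names are assumptions; the auth URL is the one from the question.

```javascript
// Assumptions: the auth app stores a JWT under "session_token" in localStorage
// (the question's logout already calls localStorage.clear()).
const AUTH_URL = "http://myserver.com:3000/auth/"; // login app URL from the question
const TOKEN_KEY = "session_token";                 // hypothetical storage key

// Decode the JWT payload without verifying the signature. This is only a UI
// gate: the server must still reject API calls made with an invalid session.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    return JSON.parse(atob(padded));
  } catch (e) {
    return null; // malformed base64 or JSON is treated as "no session"
  }
}

function sessionIsValid(storage, nowMs) {
  const token = storage.getItem(TOKEN_KEY);
  if (!token) return false;
  const payload = decodeJwtPayload(token);
  if (!payload || typeof payload.exp !== "number") return false;
  return payload.exp * 1000 > nowMs; // exp is in seconds since the epoch
}

function installSessionGuard(win) {
  const check = () => {
    if (sessionIsValid(win.localStorage, Date.now())) return true;
    win.location.replace(AUTH_URL); // no history entry for the blocked page
    return false;
  };
  // pageshow fires on normal loads and when the back button restores a frozen
  // page from the back/forward cache, where scripts are not re-run.
  win.addEventListener("pageshow", check);
  return check(); // immediate check before anything renders
}

if (typeof window !== "undefined") installSessionGuard(window);
```

Load this script ahead of the Flutter loader so the redirect happens before the app draws any cached state.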