Support multiple sessions in a single browser

This adds support for multiple logins in the same browser on a single
server. The logins can be different companies with the same user,
the same company with different users or different users with different
companies.

Closes ledgersmb#6352

UI/src/store/configTemplate.js

@@ -15,7 +15,7 @@ export const configStoreTemplate = {
     },
     actions: {
         async initialize() {
-            const response = await fetch(`/erp/api/v0/${this.url}`, {
+            const response = await fetch(`./erp/api/v0/${this.url}`, {
                 method: "GET"
             });
 
@@ -28,7 +28,7 @@ export const configStoreTemplate = {
             }
         },
         async add(adding) {
-            const response = await fetch(`/erp/api/v0/${this.url}`, {
+            const response = await fetch(`./erp/api/v0/${this.url}`, {
                 method: "POST",
                 headers: {
                     "Content-Type": "application/json"
@@ -48,7 +48,7 @@ export const configStoreTemplate = {
         },
         async del(id) {
             const warehouse = this.getById(id);
-            const response = await fetch(`/erp/api/v0/${this.url}/${id}`, {
+            const response = await fetch(`./erp/api/v0/${this.url}/${id}`, {
                 method: "DELETE",
                 headers: {
                     "If-Match": warehouse._meta.ETag
@@ -71,7 +71,7 @@ export const configStoreTemplate = {
             }
             const warehouse = this.items[index];
             if (!warehouse || !warehouse._meta || warehouse._meta.invalidated) {
-                const response = await fetch(`/erp/api/v0/${this.url}/${id}`, {
+                const response = await fetch(`./erp/api/v0/${this.url}/${id}`, {
                     method: "GET"
                 });
 
@@ -101,7 +101,7 @@ export const configStoreTemplate = {
         },
         async save(id, data) {
             const warehouse = this.getById(id);
-            const response = await fetch(`/erp/api/v0/${this.url}/${id}`, {
+            const response = await fetch(`./erp/api/v0/${this.url}/${id}`, {
                 method: "PUT",
                 headers: {
                     "Content-Type": "application/json",

UI/src/store/sessionUser.js

@@ -11,7 +11,7 @@ export const useSessionUserStore = defineStore("sessionUser", {
     },
     actions: {
         async initialize() {
-            const response = await fetch("/erp/api/v0/session", {
+            const response = await fetch("./erp/api/v0/session", {
                 method: "GET"
             });
 

cpanfile

@@ -96,11 +96,11 @@ requires 'PGObject::Type::ByteString', '1.2.3';
 requires 'PGObject::Util::DBMethod', '1.1.0';
 requires 'PGObject::Util::DBAdmin', '1.6.2';
 requires 'Plack', '1.0031';
-requires 'Plack::App::File';
 requires 'Plack::Builder';
 requires 'Plack::Builder::Conditionals';
 requires 'Plack::Middleware::ConditionalGET';
 requires 'Plack::Middleware::ReverseProxy';
+requires 'Plack::Middleware::Static';
 requires 'Plack::Request';
 requires 'Plack::Request::WithEncoding';
 requires 'Plack::Util';

lib/LedgerSMB/Middleware/SessionStorage.pm

@@ -68,15 +68,17 @@ sub call {
     $session->{csrf_token} //= String::Random->new->randpattern('.' x 23);
 
     my $secure = defined($env->{HTTPS}) && $env->{HTTPS} eq 'ON';
-    my $path =
-        $self->cookie_path //
-        LedgerSMB::PSGI::Util::cookie_path($env->{SCRIPT_NAME});
     $env->{'lsmb.session'} = $session;
     return Plack::Util::response_cb(
         $self->app->($env), sub {
             my $res = shift;
 
             if (! $self->inner_serialize) {
+                my $token = $env->{'lsmb.session'}->{token}  ?
+                    $env->{'lsmb.session'}->{token} . '/' : '';
+                my $path  = $self->cookie_path
+                    ? ($self->cookie_path . $token)
+                    : LedgerSMB::PSGI::Util::cookie_path($env->{SCRIPT_NAME});
                 my $_cookie_attributes = {
                     value    => $self->store->encode(
                         $env->{'lsmb.session'},