Multiple apps deployed on the same host share the same authentication with each other #504

Open
2 tasks
limouren opened this issue May 15, 2019 · 1 comment

@limouren
Contributor

limouren commented May 15, 2019

Consider two apps App A and App B being deployed on http://example.com/a and http://example.com/b respectively (Note that they are on the same host).

  1. Visit App A
  2. Open inspector on App A and observe the local storage
  3. Log into App A; you should observe two keys, skygear-accesstoken and skygear-user, being created
  4. Now visit App B in another tab
  5. Do a logout on App B
  6. Now inspect the local storage of App A; you should notice that the two keys are deleted

It is currently affecting sites on Skygear Portal which have served their app using [app-name].skygeario.com (e.g. http://myapp.skygeario.com/static/spa) and have enabled CMS (client app vs CMS app).

  • Skygear SDK Date/Version: 1.6.4
  • JS runtime:
  • Skygear Server Date/Version: N/A
  • Is this a regression?
  • Attached logs, screenshots

Expected Results

  1. Logout from App B shouldn't affect App A
  2. App A and App B shouldn't be able to access each other's stored values (not sure whether it is possible...)

Actual Results

Steps to reproduce

@limouren limouren changed the title Multiple apps deployed on the same host share the same authentication with each others Multiple apps deployed on the same host share the same authentication with each other May 15, 2019
@louischan-oursky
Contributor

If we only support localStorage, we can just add a configurable key prefix so that keys written by a skygear instance are namespaced. For cookies, we need to ensure the Set-Cookie header has the correct path set.
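
An added example (not part of the issue thread and not Skygear SDK code): the reported collision and the proposed key prefix, modelled with an in-memory stand-in for `localStorage`, plus a check showing that a prefix prevents accidental overwrites but does not isolate the apps, because `localStorage` is scoped per origin rather than per path. `MemoryStorage`, `SessionStore`, the `a:`/`b:` prefixes and the token value are hypothetical.

```javascript
// Constructed stand-in for window.localStorage: one instance models one origin,
// so every app served under http://example.com/* shares it regardless of path.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
}

// Hypothetical session store (not the Skygear SDK API). The two key names are
// the ones reported in the issue; `prefix` is the proposed configurable namespace.
class SessionStore {
  constructor(storage, prefix = '') {
    this.storage = storage;
    this.tokenKey = `${prefix}skygear-accesstoken`;
    this.userKey = `${prefix}skygear-user`;
  }
  login(token, user) {
    this.storage.setItem(this.tokenKey, token);
    this.storage.setItem(this.userKey, JSON.stringify(user));
  }
  logout() {
    this.storage.removeItem(this.tokenKey);
    this.storage.removeItem(this.userKey);
  }
  isLoggedIn() { return this.storage.getItem(this.tokenKey) !== null; }
}

// Runs the issue's scenario: log into App A, log out of App B, then report
// whether App A still holds its session.
function appASurvivesLogoutOfB(prefixA, prefixB) {
  const origin = new MemoryStorage(); // shared by /a and /b
  const appA = new SessionStore(origin, prefixA);
  const appB = new SessionStore(origin, prefixB);
  appA.login('token-a-constructed', { id: 'user-a' });
  appB.logout();
  return appA.isLoggedIn();
}

// Prefixing avoids collisions only: code running in App B can still read
// App A's keys, because both apps run in the same origin.
function appBCanReadAppAToken() {
  const origin = new MemoryStorage();
  new SessionStore(origin, 'a:').login('token-a-constructed', { id: 'user-a' });
  return origin.getItem('a:skygear-accesstoken');
}

console.log(appASurvivesLogoutOfB('', ''));     // unprefixed keys collide
console.log(appASurvivesLogoutOfB('a:', 'b:')); // namespaced keys do not
```

Keeping the two apps from reading each other's stored values requires serving them from different origins (for example separate subdomains), which a key prefix alone does not provide.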
