Currently Traditional web apps and react apps use different sessions which means there is no single sign on available if you have mixed applications in your environment. Because there is no easy way to convert a traditional web app to react this makes things difficult to migrate to react for those of us that have a lot of legacy applications written in traditional web.

If it was possible to at least share the login session between the two this would allow us to incrementally upgrade our applications over to react without having to hack the security sessions be passing tokens between apps of different types which can result in some unwanted security issues (ie user logs out in one and is still logged into another etc)

We have looked at dong a virtual session by storing details in the database, passing tokens and validating on every web request which can work but means we are duplicating a lot of the inbuilt security concepts and missing one of the big benefits of OS which is a really good built in security model.