Tags: typo3, typoscript, typo3-9.x

How could I handle authentication separately for multidomain sites?


I need some clarification about multi-domain authentication. I have a site, e.g. www.example.com, which uses sys_folder id = 25 and has its own users and groups. Now I have created another domain using site configuration, www.example.com/mycompany, which uses another sys_folder id = 50. Both have felogin with different storage folders. It works correctly for login failures. But when I log in to my main website, say www.example.com, it automatically logs me in on the other domain, www.example.com/mycompany, which shows my fe_users details. How could I handle authentication separately per domain? Does TYPO3 support that?


Solution

  • This is a general issue and not really related to TYPO3: when you log in to www.example.com, the cookie path will be /. It cannot be anything else since it would then be limited to that path.

    Thus when you enter a sub-site like www.example.com/mycompany, the cookie of www.example.com is sent since /mycompany is covered by the / path. See Set-Cookie: Wildcard "Path" for details.

    The proper solution here can only be to separate sites using subdomains instead, e.g. mycompany.example.com and www.example.com. Then each site will have its domain stored in the cookie which ensures only the correct cookie per site is used.

    Notice that in this case the main site must be something like www.example.com and not just example.com, otherwise the same issue will show up: a login cookie created on example.com will be sent for mycompany.example.com and all other subdomains.
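The cookie scoping rules the answer relies on, as an added example that is not part of the question or the answer: a small implementation of the RFC 6265 path-match and domain-match checks, run against the three layouts discussed above (one host with a sub-path, two subdomains with a host-only cookie, and a cookie carrying a Domain attribute for the apex domain). Cookie name, hosts and paths are constructed for illustration; the apex case assumes the cookie was set with Domain=example.com.

```python
# Added example: RFC 6265 cookie scoping applied to the answer's scenarios.
# Constructed hosts/paths; "fe_typo_user" is just the cookie name used here.
from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    name: str
    path: str     # value of the Path attribute
    domain: str   # Domain attribute, or "" for a host-only cookie
    host: str     # host that issued the Set-Cookie header


def path_matches(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 5.1.4: cookie_path covers request_path when it is a prefix
    that ends on a '/' boundary (so '/' covers every path on the host)."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def domain_matches(cookie: Cookie, request_host: str) -> bool:
    """Host-only cookies return only to the exact host that set them;
    a Domain attribute covers that domain and all of its subdomains."""
    if not cookie.domain:
        return request_host.lower() == cookie.host.lower()
    d = cookie.domain.lstrip(".").lower()
    h = request_host.lower()
    return h == d or h.endswith("." + d)


def is_sent(cookie: Cookie, request_host: str, request_path: str) -> bool:
    return domain_matches(cookie, request_host) and path_matches(cookie.path, request_path)


def scenarios() -> dict:
    """The three situations from the answer, as constructed cookies."""
    # 1. Both sites live on www.example.com; the login cookie has Path=/.
    same_host = Cookie("fe_typo_user", "/", "", "www.example.com")
    # 2. Sites split into subdomains; cookie is host-only (no Domain attribute).
    host_only = Cookie("fe_typo_user", "/", "", "www.example.com")
    # 3. Main site on the apex domain with Domain=example.com on the cookie.
    apex = Cookie("fe_typo_user", "/", "example.com", "example.com")
    return {
        "path_leaks_to_subsite": is_sent(same_host, "www.example.com", "/mycompany/"),
        "host_only_isolated": is_sent(host_only, "mycompany.example.com", "/"),
        "apex_domain_leaks": is_sent(apex, "mycompany.example.com", "/"),
    }


if __name__ == "__main__":
    for name, sent in scenarios().items():
        print(f"{name}: cookie sent = {sent}")
```

The first and third scenarios return True (the cookie crosses the site boundary), the second returns False, which is why the answer recommends subdomains with a www. main site.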