My frontend part of the application is showed in the Shopify Admin panel apps window by iframe(this is for all the apps).
First request is sending hmac and fields to calculate the hmac to prove to backend that this is the right user. Now I want to create a session for this user that has authenticated, but since the app can only run inside iframe in that view, every request is new session accoridng to backend. When i go straight to the frontend url without going there through admin panel ( so without iframe ) it works well.
This is more detailed description: https://stackoverflow.com/questions/59827230/spring-boot-react-new-session-is-created-for-every-requ...
Or where should I store the JWT token for example to bypass it. Has anyone had same problem?
When you get a request to your App it is usually providing you with the name of the shop. That is always unique to an account. So in your app you will assign a session to that shop. Once you do that, your session should be persisted on the client using cookies or some other token-based method you have mastered.
If you are starting a new session every time someone hits your App you are forgetting to initiate and set a session the first them they authenticate with you. So the simple logic is this: