as mentioned in the issue #2657 ( Support multiple instance running on the same domain · Issue #2657 · node-red/node-red · GitHub ) i got trapped by that problem. I tried to get rid of the problem just by settings using a token validator. That worked almost because in my case a user may have different permissions in the two instances and the permission is not recoverable from the other instances token.
So i reviewed the implementation in the core and came up with a quite simple approach.
The approach reads the path from window.location in RED.settings.init(), removes the last character, replaces "/" with "-" and stores it a authTokensSuffix property. Whenever the key auth-tokens is read, set or removed this suffix is added to the localStorage key. This results i no api-changes and no changes when the editor runs in the root path and you may run as much instances as you like on a single host name.
The only, from my perspective minor, point of discussion is the the behavior, that the hole auth-tokens* "Namespace" for setting-keys gets "magic" while currently only the key auth-tokens itself has special meaning.
Bevor filling a PR i have read the contribution guide (again) and decided to start here - as recommended - as im not quite sure to which branch this PR should point. It applies to dev and master without conflicts!
Feedback is appreciated! Would like to get it merged, because it is needed on our solution and i would like to get rid of that patch while building.