It seems as if the authStore uses the same auth/cookie/whatever across different projects.

Steps to reproduce

• Create project "A"
• Create project "B"
• Run project "A" and log in using await usePb().collection("users").authWithPassword("user", "password");
• Quit project "A"
• Run project "B"
• console.log(usePb().authStore.model?.id) returns the id of the user from Project "A"

Is there any setting I'm missing to prevent this?

By default the JS SDK stores uses localStorage and if your both applications operates on the same domain then it is expected to share the same auth state because the localStorage key would be the same.

You can specify a custom unique key by manually initializing the LocalAuthStore:

import PocketBase, { LocalAuthStore } from "pocketbase"

const pb = new PocketBase("http://127.0.0.1:8090", new LocalAuthStore("your_unique_app_key"))

For more details about the auth store you could check https://github.com/pocketbase/js-sdk#auth-store.