Strange Security Behaviour

Matthew Butler asked on August 2, 2022 16:21

The security appears to work for the .net authentication, but when I start a new session that’s already logged in the Kentico check appear to fail on first try, then succeed.

e.g.

  1. Login
  2. Close browser
  3. Reopen browser
  4. Go to secured page e.g. MyAccount (Secured using CMS page security)
  5. Get redirected to login (don’t login)
  6. Go back to secured page e.g. MyAccount, and it works
  7. Go to another secured page e.g. MyAccount/Orders
  8. Get redirected to login (don’t login)
  9. Go back to secured page e.g. MyAccount/Orders, and it works

I resolved this by removing the CMS page security and adding an [Authorize] attribute on the controller. But now I’m getting the same behaviour with the shopping cart

  1. Login
  2. Add Items to Cart
  3. Close browser
  4. Reopen browser
  5. Mini Cart Empty
  6. Refresh browser and mini cart show items
  7. Go to basket page and its empty
  8. Refresh browser and It works

Kind regards

Mat

Recent Answers

Matthew Butler answered on August 5, 2022 16:12

I appears on first visit to any page in a new session MembershipContext.AuthenticatedUser returns the public user, but on refresh of that page the user is correct

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.