Odditiy with cache and login name/status widget

Posted by Community Admin on 04-Aug-2018 15:04

Odditiy with cache and login name/status widget

All Replies

Posted by Community Admin on 16-Nov-2011 00:00

I have an intranet site that I have been working on.  I noticed the login status control was not showing the correct profile information depending on what type of role the user belonged to.  It seemed to be with any user who was not assigned as a standard built in role (i.e. administrator, backenduser).

Does the Login Status control handle the lout out routine for built in roles differently than roles that belong to the Default provider?  Meaning does it take an extra step to clear all caches and session information? 

I fought with this for awhile before I finally turned caching off on each of the pages.  This took care of the issue, but it does not seem right to me that any type of caching should lock onto user information that requires authentication.  I am guessing it has more to do with the Output caching rather than the client side.  I say this because clearing client side cache and cookie had no affect on this, but turning caching off completely instantly solved it.

Here is the scenario:

I have a few admin users that are assigned to the built in Administrator role.

I also have users that are assigned to department roles and do not have access to the backend in any way. DepartmentManager, DepartmentUser are two examples of roles I am talking about.

1.) I go to the login page for the intranet and login with an admin account.  I see the correct name in the login name control (for reference I am using it pretty much as it was in the starter kit.  I think I changed the LogOutAction to Redirect as part of testing on this issue, but it was set to Refresh with the same results)

2.) Next I will log out with the login status control and it redirects me back to the intranet login page.  I can verify that I am logged out as I both cannot get to any of the secured pages and I am shown as offline via the users page in Sitefinity admin.

3.) Now I log in with a non-backend user like DepartmentManager.  I again see the correct name.  I have some pages that offer edit functionality that only a manager should have access to.  These pages are showing the edit controls as intended.

4.) Again I log out and am redirected back to the intranet login.

5.) Now I log in with a DepartmentUser account.  I see the previous name that belonged to the DepartmentManager showing in the login name control.   I navigate to pages that should only offer me read only access to data and still see the edit controls that only the manager should see.  I have just impersonated a manager by using my own credentials. 

I can log out until I am blue in the face and I will always get the wrong profile as long as I am trying to log in with a non-backend user.  Restarting the app will stop this, but only until the next time two non-back end users try to log in on after each other on the same browser.  Clearing browser cache and even closing it completely out does not help.

If I log back in with an Adminstrator I will see the correct profile information.


I know this is a lot to read so here is a quick summary with fictitious names to help illustrate what I was seeing.

Administrator - Stacey
DepartmentManager - Jim
DepartmentUser - Ted

- Stacey logs into the intranet login and we see Stacey in the login name control.
- Stacey now logs out and Jim decides to login using the same browser.  Jim sees the correct information appearing and has access to editing his department page.
- Jim now logs out and Ted decides to login.  Ted sees Jim's profile information appearing and also has edit access to the department page.
- Ted logs out and Stacey logs back in.  Stacey will see his profile information and has the correct functionality.
- Stacey logs back out and Ted tries again.   Based on the current pattern you might think you will see Stacey's information showing, but instead Ted will see Jim's profile information, NOT Stacey's.

It feels like the built-in roles are being handled during a log out differently by this control than custom roles are.  Is there something I should be doing to handle this other than turning cache off?




Posted by Community Admin on 21-Nov-2011 00:00

Hello Stacey,

Please excuse us for the inconvenience, indeed there might be certain issues with the LoginName and LoginStatus controls caching the information form the previous user, we have logged this issue as a bug in our system and are currently working on providing a fix for it in the upcoming releases. You can track the issue status and vote for it in PITS on this public URL. As a workaround, if you have the control placed on a single page(e.g a Login page) , we'd recommend you to disable output caching for that particular page. If htere's anything else we can help you with, please let us know.

Best wishes,
Boyan Barnev
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 19-Jan-2012 00:00

Hi

Is this fixed yet?

/Keivan

Posted by Community Admin on 20-Jan-2012 00:00

Hi Keivan,

We'll be introducing utilization of the cache substitution framework in our upcoming Sitefinity 5.0 release, and the fix for the issue is also scheduled for that particular release.

Kind regards,
Boyan Barnev
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 02-Apr-2012 00:00

Hello,

I would like to revisit this issue.  I just upgraded to version 5.0 and this bug is still there. 

In our case, when user is not logged in we have a link to log in.

Once logged in, the link changes to label that says Welcome: user name.


The problem is that login name is showing on all pages for admin and backend users only.  For other users (registered user), it is only showing on some pages.

Any ideas?

Thank you,
Sebastian

Posted by Community Admin on 02-Apr-2012 00:00

Hello,

I would like to revisit this issue.  I just upgraded to version 5.0 and this bug is still there. 

In our case, when user is not logged in we have a link to log in.

Once logged in, the link changes to label that says Welcome: user name.


The problem is that login name is showing on all pages for admin and backend users only.  For other users (registered user), it is only showing on some pages.

Any ideas?

Thank you,
Sebastian

Posted by Community Admin on 19-Sep-2014 00:00

Running Sitefinity 7.1.5200.0.  Login name widget refused to show on my home page, although worked fine on all other pages.  All pages use the same page template.  The login name widget lives on the page template.  I finally determined that I had to set the Caching option on the home page properties to "No Caching". 

This resolved the login name problem, but kills my homepage load speed.  Are there any better solutions out there?

 

Posted by Community Admin on 24-Sep-2014 00:00

Hi Richard,

I have reproduce the issue on version 7.1 and 7.2. It is now logged as a bug in our Feedback portal where you could vote and subscribe to receive notifications on status change.

Regards,
Svetoslav Manchev
Telerik

 
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
 

Posted by Community Admin on 16-Apr-2015 00:00

Ok, so this is fixed in version 8.x, is there any way I can fix it in my current version 6.3 ?

This thread is closed