Login and other bugs running SDK 4.1 starter kits side-by-side
To recreate the login bug:
- Install the Sitefinity SDK 4.1
- Run the Education Starter Kit and login to the back-end
- Run the Charity Starter Kit and login to the back-end
- When prompted, select "Logout" or "Switch User"
Bug: The following error is encountered
Server Error in '/' Application.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[NullReferenceException: Object reference not set to an instance of an object.]
Telerik.Sitefinity.Security.SecurityManager.LogoutImpl(String providerName, Guid userId, String userName, Credentials credentials) +405
Telerik.Sitefinity.Security.SecurityManager.Logout(String providerName, Guid userId) +109
Telerik.Sitefinity.Security.Web.UI.LogoutForm.DoLogout(String navigateUrl) +12
Telerik.Sitefinity.Security.Web.UI.LogoutForm.SwitchUserButton_Command(Object sender, CommandEventArgs e) +7
System.Web.UI.WebControls.LinkButton.OnCommand(CommandEventArgs e) +115
System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +169
System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +9
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +176
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1
The problem seems to be that both starter kits are using the same security cookie names rather than using unique cookie names as they should, along with a lack of error handling logic to handle this condition.
Rename the security cookies within the starter kits as follows using "Administration > Settings > Advanced > Security"
- Education Starter Kit
- AuthCookieName: .SFAUTH-Education
- RolesCookieName: .SFROLES-Education
- LoggingCookieName: .SFLOG-Education
- Charity Starter Kit
- AuthCookieName: .SFAUTH-GiveCamp
- RolesCookieName: .SFROLES-GiveCamp
- LoggingCookieName: .SFLOG-GiveCamp
- Delete browser cookies every time before switching from one starter kit to another
- Run the two different starter kits in two different browsers such as IE and Chrome
Besides the login bug, there are other bugs/errors running the two starter kits side-by-side. For example, trying to simply view the Pages list on each site generates errors. Telerik, please test this and correct the bugs.
Thank you for reporting the issue. We successfully reproduced the issue. However the problem is not present in our current official release of Sitefinity because the system sets unique security cookie for each project thus eliminating such scenario.
Anyway, we have had a similar issue few months ago but as far as I know it has been fixed. I have contacted our development teams so they can have a look at it again and include a fix ( if needed ) in our release.
the Telerik team
Yes, this issue was addressed in Sitefinity 4.1 when creating new Sitefinity 4.1 projects. However, it was not fixed in the Starter Kits that are included in the SDK 4.1. The fix should quick and easy - simply updating the three cookie name settings in each of the two Starter Kits (and any new kits added to the SDK) and including the fixed version of the kits in the next SDK release. See my original post for the details.
Sitefinity developers and evaluators are likely to run Starter Kits side-by-side to review the features and functionality of each, so this is something that should be tested by Telerik to ensure there are not other obvious problems.
We have reopened the bug so you can expect it to be fixed in our next release which is due by the end of this week. Indeed the issue may not be hard to fix but there are also many other tasks that our teams are working on for this SP. Please check if the problem is still at hand after SP1 is released and if it is, contact me again.
All the best,
the Telerik team
Since this issue is in the Starter Kits that come with the SDK 4.1, fixing the issue will require an updated SDK with updated Starter Kits. Does Telerik plan to release a new 4.1 SP1 SDK this week?
There will be an update for the SDK but it will probably be released after the SP1 (the week after that).
the Telerik team
I downloaded and tested the new Sitefinity SDK 4.1 SP1 for these problems. The problems still exist. The two starter kits are still using duplicate security cookie names, causing errors for anyone attempting to run them side-by-side. Worse, the workaround of renaming the security cookie names is no longer working for me. As soon as I try launching the second starter kit, any navigation in the previously launched starter kit results in a "Internet Explorer cannot display the webpage" error.
Can Telerik test running the starter kits side-by-side -- a fairly obvious thing for a developer to do -- and correct the issues that prevent doing this successfully?
Thank you for pointing this issue. I have contacted the teams who work on the SDK so they can look into it and have the problem resolved by our next release. As a workaround I would suggest you to use different browsers if you want to look at the both starter kits at the same time.
the Telerik team