When a user navigate in Frontend and Backend with the same browser, the Backend go down.
It is possible to look that there is an error in browser console:
The version of Umbraco is 7.2.5. I look this issue from some back versions.
The issue can be temporary solved with a refresh of backoffice page. But when the user requires a new call in frontend (or Ajax call), the backoffice go down another time.
How can I solve the issue definitivelly, without using 2 different browser?
Note
With a Google search, maybe I found a reason of the issue: I think that it is the result of Umbraco anti-XSRF attach.
Is the user logged in both in the backoffice and on a member section on the public facing website? Or is the user just logged into the backoffice browsing the public facing website without being logged into the website?...Hope this makes sense...:)
We've tracked down the reason for this problem: the front-end was creating a cookie that had a name that had an 'invalid' character in it (in my case it was the opening and closing brackets). Interesting that the backoffice would fail as it did in this scenario but it's easy enough in this case to change the cookie name so that it all works now.
The website uses Ajax to refresh some front-end widget data.
There are two:
the first is used to refresh data every 2 seconds via HTTP GET method (I will call it AjaxA).
the second is used to refresh data every 10 seconds via HTTP POST (i will call it AjaxB).
To test this behavior I have open the front-end and back-end with the same browser, in 2 browser tabstrip pages.
When administrator open a Node in BackOffice, the XSRF-TOKEN and XSRF-V cookies changes value.
In the same time, the AjaxA continue to works properly in frontend: the method send cookies to server; the server do not returns any cookie.
Administrator continue to open others Node in BackOffice. After 10 seconds the BackOffice do not works. The browser console shows this error: Failed to load resource: the server responded with a status of 417 (Invalid token).
Looking in frontend, the AjaxB is called: the method send the same cookies/values of AjaxA, but server returns newest XSRF-TOKEN and XSRF-V values.
The only solution that I found is to refresh the Backoffice page. But it is not confortable.
My front-end code call API to refresh widget data. One of theese API method was declared with SetAngularAntiForgeryTokens attribute. This attribute change XSRF-TOKEN and XSRF-V cookies.
The solution is to remove the attribute.
In order to allow a WebApi controller to access Session variables, I had updated the codebehind for Global.asax to set the SessionStateBehavior to Required:
Backend go crash when navigating Frontend in same browser
When a user navigate in Frontend and Backend with the same browser, the Backend go down.
It is possible to look that there is an error in browser console:
The version of Umbraco is 7.2.5. I look this issue from some back versions.
The issue can be temporary solved with a refresh of backoffice page. But when the user requires a new call in frontend (or Ajax call), the backoffice go down another time.
How can I solve the issue definitivelly, without using 2 different browser?
Note
With a Google search, maybe I found a reason of the issue: I think that it is the result of Umbraco anti-XSRF attach.
Hi Flavio
Is the user logged in both in the backoffice and on a member section on the public facing website? Or is the user just logged into the backoffice browsing the public facing website without being logged into the website?...Hope this makes sense...:)
/Jan
Hi Jan, the issue exists with and without user logged in Frontend.
Note: the website uses some cookie.
We've tracked down the reason for this problem: the front-end was creating a cookie that had a name that had an 'invalid' character in it (in my case it was the opening and closing brackets). Interesting that the backoffice would fail as it did in this scenario but it's easy enough in this case to change the cookie name so that it all works now.
In my case I am using right cookie name format.
The website uses Ajax to refresh some front-end widget data.
There are two:
AjaxA).AjaxB).To test this behavior I have open the front-end and back-end with the same browser, in 2 browser tabstrip pages.
When administrator open a Node in BackOffice, the
XSRF-TOKENandXSRF-Vcookies changes value.In the same time, the AjaxA continue to works properly in frontend: the method send cookies to server; the server do not returns any cookie.
Administrator continue to open others Node in BackOffice. After 10 seconds the BackOffice do not works. The browser console shows this error:
Failed to load resource: the server responded with a status of 417 (Invalid token).Looking in frontend, the AjaxB is called: the method send the same cookies/values of AjaxA, but server returns newest
XSRF-TOKENandXSRF-Vvalues.The only solution that I found is to refresh the Backoffice page. But it is not confortable.
@Flavio,
Did you ever find a solution for this issue?
Hi @Mattew, yes, I solved my issue.
My front-end code call API to refresh widget data. One of theese API method was declared with
SetAngularAntiForgeryTokensattribute. This attribute changeXSRF-TOKENandXSRF-Vcookies.The solution is to remove the attribute.
Thank you, Flavio. That is very confusing since I'm not using that attribute anywhere in my front-end code.
We are making liberal use of MVC HtmlHelper's AntiForgeryToken on our front-end forms. I wonder if this might have a similar effect.
I think that it is important to not update values of
XSRF-TOKENandXSRF-Vcookies.Because they are used by Umbraco back-office.
I think I found out what was going on.
In order to allow a WebApi controller to access Session variables, I had updated the codebehind for Global.asax to set the SessionStateBehavior to Required:
Once I removed the above code, Umbraco was finally able to create the XSRF tokens again.
Well, fantastic!
is working on a reply...