Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Brian 30 posts 171 karma points
    Mar 13, 2023 @ 22:41
    Brian
    0

    Members Have to Login Twice

    Hello All,

    I'm running into an issue where clients often have to log in twice in order to fully navigate a fully protected website. This seems to only happen with the Azure production environment. The issue does not present when developing locally or on a standalone Windows server.

    The general flow when the issue presents is a user logs in and lands on the Home page then upon trying to navigate to any other page they're redirected to the login page again. After the second login the issue is no longer present and the site can be navigated normally.

    This is a hit or miss issue across all users. For example, I could visit the site, login and immediately start navigating all pages of the site, however, I could test again shortly after and have to login twice.

    My best guess is it's something specific with Azure that's perhaps not documented along with the other Umbraco configuration on Azure.

    Any help or thoughts or past experience with this issue would be immensely appreciated.

    --Brian

  • Brian 30 posts 171 karma points
    Mar 15, 2023 @ 18:18
    Brian
    0

    Just bumping this to see if anyone's had this issue too.

    It's rather pressing that this gets resolved and I'm out of ideas.

    Thanks!

  • Brian 30 posts 171 karma points
    Mar 20, 2023 @ 17:03
    Brian
    0

    One last bump. Any help is appreciated.

  • Owain Jones 60 posts 390 karma points MVP 4x c-trib
    Mar 20, 2023 @ 17:30
    Owain Jones
    0

    Is the production site on Azure load-balanced?

    If so, the issue could potentially be related to the affinity cookie not being set: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-http-settings#cookie-based-affinity

    If not, is there anything in the Umbraco logs? Also, when you encounter a false login, does the member auth cookie get set in the browser?

  • Brian 30 posts 171 karma points
    Mar 20, 2023 @ 21:30
    Brian
    101

    Thank you for your thoughts on this, Owain.

    Your suggestions led me to a solution for this issue by digging in to the domain cookies a bit more.

    As is often the case, the issue ended up being quite simple to resolve. If a user came in to the site via the non-www root domain and logged in then those cookies would have a domain of site.com, however, the links throughout the site use the www.site.com root domain which creates cookies with the www.site.com domain.

    Simple fix, add a www -> non-www redirect since that's the preferred domain; https://site.com and not https://www.site.com.

    I greatly appreciate your thinking on this as it ultimately led me to the root issue and a proper fix.

    Take care!

    --Brian

Please Sign in or register to post replies

Write your reply to:

Draft