Try our conversational search powered by Generative AI!
AI OnAI Off
Security: Get message "Unexpected token <" when trying to approve content after logout
Created
Nov 02, 2016
Updated
May 10, 2017
Area
CMS UI
State
Closed, Fixed and tested
Description
Steps to reproduce
- UserA is approver of content 1, and Content is in review state.
- Open the site in 2 tabs of a browser: Content 1 is opening on OPE mode in both browsers.
- On tab 1: User logs out of site.
- On tab 2: User opens the option menu then clicks Approve changes.
Expected:
Show dialog requiring user to log in again.
Actual:
Show dialog with message "Unexpected token <"
How to apply:
If you are using the our standard Asp.net Identity setup in Startup, you also need to hook up a new handler to the OnApplyRedirect on the Provider object. app.CmsOnCookieApplyRedirect...
// Use cookie authentication
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString(Global.LoginPath),
Provider = new CookieAuthenticationProvider
{
// If the "/util/login.aspx" has been used for login otherwise you don't need it you can remove OnApplyRedirect.
OnApplyRedirect = cookieApplyRedirectContext =>
{
app.CmsOnCookieApplyRedirect(cookieApplyRedirectContext, cookieApplyRedirectContext.OwinContext.Get<ApplicationSignInManager<ApplicationUser>>());
},
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager<ApplicationUser>, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => manager.GenerateUserIdentityAsync(user))
}
});
