I have recently upgraded Episerver/commerce version. After this upgrade, we have a new "Oder Management" screen but it does not work.
The message is "Your session has expired. Please relogin."
Am I missing any configuration?
Sorry I can not attach a screenshot with the ticket.
check this out... section with this heading "Fix for 'Customer is undefined' error [New in Commerce 13.9.0]"
Thank you, Praful for your suggestion but it did not help to resolve the issue.
Now I'm going to compare User groups & access rights in old vs new version.
Any more suggestion?
I had to add this to the site initialization/global configuration to make it work, where the authenticationtype should be the same as what you use in your owin statrtup class. If you use owin that is.
Do you have ServiceAPI installed? ServiceAPI remove the cookie authentication for WebAPI controllers which causes that issue. It's a known issue but no workaround so far, unfortunately, except to have ServiceAPI as a separate website instead
Hi Quan - Thanks for your reply - Yes we are using Service API
Quan, we are also running into this issue. You mention a possible solution is to setup the ServiceApi as a separate website. Can you point me to some doucmentation about to how to do this?
You can setup an empty site and then install ServiceAPI to it. As long as you set the correct connection strings it should just work
@Naveed If @Jeroen's solution doesn't work for you.
You can also create an InitializationModule and add the following code in:
var handler = GlobalConfiguration.Configuration.MessageHandlers.FirstOrDefault(x => x.GetType() == typeof(PassiveAuthenticationMessageHandler));
This will open up the Order Management screen to look for authentication in the cookies in addition to the headers.
Service API uses SuppressDefaultHostAuthentication which locks down authentication to headers to protect against csrf attacks.