Closed andrewvieau closed 5 years ago
Confirmed this is an issue when using identity server. Likely has been there since 9.0 but exacerbated by changes to Hard Rocks login logic in recent security fixes.
Due to Owin configuration, there is no HTTP Session available to authentication handlers for the Rocks, and with no session id available, the ticket manager just clears the first ticket it can find -- the one from your browser.
I believe I can update the Hard Rocks service to tweak that Owin configuration and make session available.
I ended up finding a non invasive fix for this, by filtering out the _sitecoreuserticket cookie. Fix for 2.x available on this PR:
Starting last week, every time Sitecore Rocks makes any call to the database, I will be logged out of any web browser I'm using to access that same instance.
Example: https://youtu.be/nS3GUM3Ow5Q
Edit: This is using Visual Studio Community 2017 and Sitecore 9.1 initial release.
Edit 2: I managed to work around the issue by creating an admin account specifically for Sitecore Rocks. In the video above, both Rocks and the browser were using the OOB admin account. I created a second admin account, and as long as the browser and Rocks are using different users, I can switch between them just fine without being logged out.