Getting redirected back to 'Sites' dashboard when visiting public site as logged in user

[lukefretwell]

Source

• https://proudcity.zendesk.com/agent/tickets/6212

Describe the bug

When logging in to MyProudCity and visit the public site (ex: proudcity.com), I get redirected back to the MyProudCity sites dashboard.

To Reproduce Steps to reproduce the behavior:

1. Go to 'MyProudCity'
2. Login
3. Go to site dashboard
4. Click 'Visit site'

Expected behavior

Expect to see the public site when logged in as an admin.

Desktop (please complete the following information):

• Mac
• Firefox

Additional context Add any other context about the problem here.

• This happens on Firefox, but doesn't appear to be an issue on Chrome.
• This is only happening on some sites (proudcity.com, Jarrell) but not all.

[lukefretwell]

Other notes from Slack:

Looks like it happens when you go to the admin after visiting the sites page.

• If I’m logged in to sites, refresh the public site, I don’t get the admin bar and redirect.
• If I login and go to admin from sites, then refresh the public site, it displays the admin bar and redirects to sites.

When I clear cookies and view this per page:

On sites, I get 1 cookie from proudcity.com, 5 from auth0.com.

On admin, I then see 7 cookies from proudcity.com, 5 from auth0.com. Seems like whatever those 6 extra cookies that are added from proudcity.com could be the culprit?

It’s really weird, though, because I don’t experience this issue on some sites.

Also, it’s browser agnostic. For some it happens on Chrome, some it doesn’t. Same with Edge.

[lukefretwell]

• from Jeff:

there's probably a setting that needs to be adjusted somewhere in auth0, or in the auth0 wp plugin. it kinda sounds like a same-site cookie setting

[kevindherman]

@lukefretwell @curtismchale zendesk ticket 6212 for Solano GIS isn't able to get in using any browser.

"No change in Firefox, Chrome, or Edge on my personal PC off the County network."

[lukefretwell]

When I delete the proudcity.com cookies, I still get this issue, but when I delete the auth0 ones, it kind of goes away. I was logged in in private mode and it redirected me back to sites. When I deleted the proudcity.com cookies and refreshed, it still showed me logged in and redirected me. When I deleted the auth0, the admin bar was gone and I can now see the public site in private mode.

I thought it might be a cookie from one of the plugins but definitely seems more related to auth0.

[lukefretwell]

Not getting a redirect for this page (note it doesn't have admin bar):

https://proudcity.com/?gf_page=preview&id=9

[curtismchale]

I've just noticed that your logged in cookie does not get cleared when you try to log out of a site. I'm currently looking at Petaluma and after trying to log out, I'm logged out of the PC dashboard, but still have the authorized cookie for Petaluma. When I click "logout" on Petaluma I see I'm logged out of the dashboard to my.proudcity.com but when I return to Petaluma I'm logged in and can access everything on the dashboard.

[lukefretwell]

More input:

Chrome or Chrome Incognito mode Edge or Edge Incognito Mode Firefox or Firefox incognito equivalent Safari

That's consistent across mobile and desktop experiments.

I can sign in and get past the authorization challenge, but I don't see an option to "manage site." I can toggle the menu in the upper right-hand corner and see "Support," "Docs," "Feedback," "My Sites," and "Account."

All of those load, except for "My Sites" which does nothing when selected.

[kevindherman]

Post update input:

My apologies for the late reply it’s been a little busy here. I tried your suggestion and below are my findings.

1. No change using chrome or edge I still get immediately redirected if I have signed into Proud City.

2. I did discover that if I clear the cache using edge and DO NOT login into Proud City using edge I can view just our website without being redirected.

My work around for now is I am using chrome for edits and edge to see the edits, on the website.

[kevindherman]

Testing notes:

• logged in to my.proudcity.com
• view site
• Logged out from the site
• This sent to the screen that previously redirected to the dashboard. It’s a bit wonky but you can log back in from there. Once logged back in it shows logged in but on a page not found. You can start navigating and you’re logged in. I think this can be cleaned up once the looping issue is resolved.

I also tested logging out from my.proudcity.com

• login to my.proudcity.com
• view beta
• Logout of my.proudcity.com
• was asked on beta if I wanted to logout, selected yes, it logged me out.

Although it’s not perfect and can be cleaned up, it’s definitely better than the looping if it resolves that issue. Cleanup should focus on the logout out experience from the website and the screen they land on.

From slack discussion with @lukefretwell @curtismchale let's deploy this fix and then circle back on cleaning up the page not found issue later.

[curtismchale]

@lukefretwell @kevindherman We pushed a fix for this so that users don't get sent back to the PC dashboard. Does that conclude this issue and we'll resolve further Auth0 stuff as we look at the latest versions of Auth0?

Can we close this issue?

This was deployed with this tag: https://github.com/proudcity/proud-recipes/releases/tag/2023.02.08.1049

[kevindherman]

@curtismchale I don't think so. I just tested this for sites that I noticed the looping issue and the below is what happened.

• Incognito browser
• my.proudcity.com
• manage site
• view site
• this loads the homepage but then redirects to this URL with the logout message: https://www.sonomacity.org/wp-login.php?action=logout&redirect_to=https%3A%2F%2Fwww.sonomacity.org%2F&_wpnonce=f6a13dfc55&SLO=1

• Same thing happened with another site: https://www.cityofmontclair.org/wp-login.php?action=logout&redirect_to=https%3A%2F%2Fwww.cityofmontclair.org%2F&_wpnonce=33370c0f3d&SLO=1
• 

@curtismchale @lukefretwell I hope that the page loading to this logout request and not redirecting all the way to my.proudcity.com helps provide more clues.

[kevindherman]

We've had success with adjusting third party cookie settings.

[lukefretwell]

Adding these as reference per conversation with @curtismchale:

[lukefretwell]

@curtismchale I still experience this issue and have to view public changes in private mode.

[curtismchale]

@lukefretwell then I guess open it again but I never see it and unless I can get a specific scenario under which I can reproduce the problem there is nothing I can do to fix it.

We've consistently seen that the issue is a user configuration one not anything with our system. Have you tried wiping and reinstalling your browsers, or your system? I know this is a drastic step, but I really don't know what else to say.

[lukefretwell]

@curtismchale it has something to do with browser settings/add-ons/plugins I believe. We created this post that seems to help, but I'll re-open so we have it visible and hopefully with the account changes we can resolve it. Note that it only happens for me on some sites, but not all, so it's something we should be able to find.

https://help.proudcity.com/configuring-browser-privacy-settings/