You need to sign in to do that
Don't have an account?
Sites Double Login Issue
Background:
Org has Partner portal login enabled through Sites.
Org does not use custom domain.
Site-Level Security: RequireNon-Secure Connections (HTTP) is "Not-Checked"
Organization-Level Security: Require DescriptionSecure Connections (HTTPS) - "Not Checked"
Site url: https://mycompany.secure.force.com/sitelogin
Site home page: Page A
Page A has following code to redirect user to Page B
<apex:page controller="PageAController" action="{!redirect}" showheader="false"><apex:messages /> </apex:page>
When user logs in using https://mycompany.secure.force.com/sitelogin
Browser is forwarded to following URL:
http://mycompany.secure.force.com/frontdoor
to
http://mycompany.force.com/frontdoor
to
http://mycompany.force.com/PageA
to
http://mycompany.force.com/PageB
to
http://mycompany.force.com/sitelogin?refURL=PageB
However on PageB's controller where the system is querying from the custom object - system thinks that user is not authenticatedand user is directed to http://mycompany.force.com/siteLogin page.
From firebug, I see that sid cookie is present in http://mycompany.secure.force.com/frontdoor redirect with domain of "mycompany.secure.force.com"
sid cookie is not present when the browser is making request to http://mycompany.force.com/PageA or http://mycompany.force.com/PageB
Question:Is this expected?
From sites documentation, I do see that for following condition:
Site-Level Security: RequireNon-Secure Connections (HTTP) is "Not-Checked"
Organization-Level Security: Require DescriptionSecure Connections (HTTPS) - "Not Checked"
behavior is: "Site uses HTTP for the post-login session".
This instance only occurs in the "Production" environment where there is redirect from http://mycompany.secure.force.com/frontdoortohttp://mycompany.force.com/frontdoor. In Developer or Sandbox edition's this is not replicated as the redirection does not occur.
My only lead right now is to Organization-Level Security: Require DescriptionSecure Connections (HTTPS) - "Checked" which will force following:
Site uses HTTPS for the post-login session• Upon login, users see the secure.force.com domain
Any help would be appreciated.
Thank you.
Ensure the profile for the user has access to the visualforce pages,
If the user doesn't have access then the system assumes the user needs to login to access the page.
Just check the security on the profiles to ensure they have access to the vf pages and you should be good.