Developer forum


Logout frontend vs backend

Nuno Aguiar Dynamicweb Employee

Hi,

 

I seem to remember that a few months ago we started to be able to log out of the frontend without being kicked out of the backend. Am I remembering that wrong? If that was possible, we seem to have lost that ability again.

 

Best Regards,

Nuno Aguiar


Replies

 
Nicolai Pedersen Dynamicweb Employee

You should be able to do that.

If the Globalsettings/Modules/Users/ResetSessionIdOnLoginAndOut is set though, your session ID will expire and you will be logged off both places.

 
Nuno Aguiar Dynamicweb Employee

Hi Nicolai,

 

Are you certain that setting relates to this? I looked at the source code and it does work with the SessionId cookies, but I was expecting to have different cookies to control the backend and frontend logins.

 

In either case, here's what I did:

  • Added that XML node to GlobalSettings (it does not exist in a clean version of Swift)
  • Tested with both true and false and got the same result - I was always kicked out of the backend when I logged out of the frontend
    Here's the screencast https://www.screencast.com/t/IaINcyLurFs

 

Best Regards,

Nuno Aguiar

 
Nicolai Pedersen Dynamicweb Employee

Hi Nuno

It is related. At some point a 'security' fix was made to reset the ASP.NET_SessionId cookie on logout - frontend and backend. When that is reset, the session is gone and you are logged off.

The setting I referred to is related to backend logoff - that if set to true, it will remove session id, otherwise not - meaning logging off the backend will not log you off from the frontend.

When you log off from the frontend, this session id is always reset - causing your backend session (all sessions) to expire.

This comes from a security report at some point - a simple fix could be to not reset the session cookies if you are also logged into the backend.

BR Nicolai
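
The behaviour described in the reply above, as a toy model added here (not Dynamicweb's code and not part of any post): frontend and backend logins share one session keyed by the `ASP.NET_SessionId` cookie, so resetting that id ends both. `Site`, `after_logout` and both option names are assumptions made for illustration; they model the setting and the proposed fix, not their real implementation or defaults.

```python
import secrets

COOKIE = "ASP.NET_SessionId"  # cookie name taken from the thread


class Site:
    """Toy server: frontend and backend logins live in one session per cookie."""

    def __init__(self, reset_on_backend_logout, keep_if_backend_login):
        self.sessions = {}  # session id -> {"frontend": user, "backend": user}
        # Hypothetical stand-in for the ResetSessionIdOnLoginAndOut setting.
        self.reset_on_backend_logout = reset_on_backend_logout
        # Hypothetical stand-in for the fix proposed in the thread.
        self.keep_if_backend_login = keep_if_backend_login

    def login(self, jar, area, user):
        sid = jar.get(COOKIE)
        if sid not in self.sessions:  # no valid session yet: issue a fresh id
            sid = jar[COOKIE] = secrets.token_hex(16)
            self.sessions[sid] = {"frontend": None, "backend": None}
        self.sessions[sid][area] = user

    def user(self, jar, area):
        session = self.sessions.get(jar.get(COOKIE))
        return session[area] if session else None

    def logout(self, jar, area):
        session = self.sessions.get(jar.get(COOKIE))
        if session is None:
            return
        session[area] = None  # always clear the login state itself
        if area == "backend" and not self.reset_on_backend_logout:
            return  # setting off: backend logout leaves the session id alone
        if area == "frontend" and self.keep_if_backend_login and session["backend"]:
            return  # proposed fix: the session id survives this logout
        # Resetting the id destroys every login stored under it.
        self.sessions.pop(jar.pop(COOKIE, None), None)


def after_logout(area, reset_on_backend_logout, keep_if_backend_login):
    """Log into both areas in one browser, log out of `area`, report who is left."""
    site = Site(reset_on_backend_logout, keep_if_backend_login)
    jar = {}  # constructed stand-in for the browser's cookie jar
    site.login(jar, "frontend", "customer")
    site.login(jar, "backend", "editor")
    site.logout(jar, area)
    return site.user(jar, "frontend"), site.user(jar, "backend")
```

With the fix enabled, the session id stays valid after the frontend logout, so the logout path has to clear the frontend login explicitly instead of relying on the reset.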

 
Nuno Aguiar Dynamicweb Employee

Hi Nicolai,

 

Thanks for the explanation. That makes sense.

 

We'd appreciate that fix. I know it's a small thing, but at least our entire team deals with a lot of frontend logout experiences multiple times a day, and more and more using the Visual Editor, you have to be logged into the backend in the same browser to manage some pages, so it becomes an annoyance.

 

Best Regards,

Nuno Aguiar

 
Adrian Ursu Dynamicweb Employee

+1

 

Adrian

 
Suzi Louring

+1

 
