Vulnerability in EPiServer.Forms
Hello. Is anybody experiencing similar problem or aware of solution?
Clients are complaining that they are getting logged out while using the site. It is on Mac, usually Firefox but other browsers as well. Never happens on windows. We weren't sure how to reproduce that. Then we made another demo site, that just kicked out user on mac during the demo click trough.
Is anybody familiar with such behavior?
What's the membership provider being used? Approximately how long does a user get kicked out of CMS after logging in on Mac side?
Users, like clients that use production version of the site. They all load site from same location on server.
I had to edit my last comment because it made the assumption that a version of your site was installed on a Mac environment, which isn't possible with CMS. What happens when you don't pump enough coffee in the morning :).
One thing to check is to do a comparison of the login cookies from a Windows and Mac browsers. and the expiration values. Another thing I could think of is that the Mac environments have some process in the background that are clearing browser cookies and thus losing the session. Otherwise, I myself haven't seen this issue raised in the forums or via a Support ticket. Also wonder if this is isolated to a particular Mac OS version.
Expires / Max age value is read in firebug both on PC and Mac as 2 hours expiration. Setting in web.config is set to 120, so it is all in place.
I'll have to investigate bit more what do they have on their machines, maybe something is really purging cookies.