Vulnerability in EPiServer.Forms
This is a problem was reported a long time ago (https://world.episerver.com/forum/legacy-forums/Episerver-7-CMS/Thread-Container/2013/5/Session-State-error-with-Google-Analytics-for-EPiServer-7/) but seems to still affect the latest stable version of the addon (v2.0.1). We are using an Episerver CMS / Commerce (11.5.4) installation with a Redis session provider and a Json serializer.
Any way of fixing the issue?
In the AnalyticsInteraction there is a attribute [Serializable], but it seems to be not enough in your case. Could you give me provide steps to reproduce in details, we will report a bug for fixing?
Hi Dac, thank you for your response.
We have the session provider configured to use a Redis instance on the Azure cloud. The configuration use a custom "redisSerializerType", a simple class doing serialization / deserialization using Newtonsoft.Json, rather than the default binary serializer that ships with the Microsoft.Web.Redis library.
The error occurs when you logout, the error message is:
Unable to find a constructor to use for type EPiServer.GoogleAnalytics.Web.Tracking.AnalyticsInteraction. A class should either have a default constructor, one constructor with arguments or a constructor marked with the JsonConstructor attribute. Path '$values.ContentLink', line 1, position 268.
I have created a bug here: https://world.episerver.com/support/Bug-list/bug/GA-64. We will look at it deeper.