Initial description:
Results: 1st requests works properly, 2nd request (the same) is not working because GET coming to SSO.ashx, not POST ; 3rd requests works prperly as 1st; 4th request coming with GET as 2nd and so on. It doesn't matter if you close browser before next request or not. and problem related to authentication cookie
Last resonse from GitHub:
If I am not mistaken, the authentication cookie is valid for the authenticated portal alias. I think the proper way for this use case is to setup portal groups and then you get a single authentication domain for multiple portals. Unfortunately, there is currently no UI to manage portal groups. https://github.com/SCullman I am closing this issue and recommend discussing this special case in the new forums https://dnncommunity.org/forums if discussions end up to being a bug in the platform please open a new issue with very clear steps and/or code sample to reproduce.
My response:
'portal groups' may serve as a work around, but basically it creates security breach. Here are my statements
I think this explanation is straight forward, but let me know if coding details required.
Yes this is correct, cookies refer to a domain and domain is the same for both portals.
Unfortunately it doesn’t help to resolve the problem.
Common expectations: if request POST sent to handler URL, request POST should arrive to the handler.
In reality 2nd, 4th, 6th … requests arrive as GET.
Only going to technicalities I can see that during 2nd, 4th, 6th … request LOGIN COOKIE destroyed (i.e. logout simulated), error thrown and GET coming to the handler.
What kind of reasonable explanation can prove that it is not a bug.
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.