If your user logon flow is working fine in development environment and is failing once you get to staging or live. Essentially there is a configuration that needs to be defined in wc-server.xml for allowedDomain if the URLRedirectFilter is enabled.
The URL redirectfilter is enabled to prevent phishing attacks where a link from the current site would prevent the user from being redirected to a different site. It does need correct allowedDomain or else some of the functionality including logon starts failing.
Make sure in wc-server.xml in store definition has correct value to domain or sub-domain value in the URLredirectfilter definition for store element.
alloweddomain
name
=
"example.com"
[6/22/12 12:34::024 EDT] 00000123 EJBMDOrchestr A CNTR0117I: Container-managed ejbStore() call will be bypassed on bean: "WC_ejgrp#Member-MemberManagementData.jar#UserPasswordHistory" if it has not been modified in the current transaction.
[6/22/12 12:34:58:313 EDT] 0000023b CommerceSrvr A ECActionForwardInstance isRedirectAllowed(String) CMN0207E The value of the parameter "URL" is not correct.
[6/22/12 12:59:59:254 EDT] 00000113 CommerceSrvr E WCAuthenticationCookie getUserId CMN1039E: An invalid cookie was received for the user, your logonId may be in use by another user.
[6/22/12 12:34:28:727 EDT] 00000122 CommerceSrvr A ECActionForwardInstance isRedirectAllowed(String) CMN0207E The value of the parameter "URL" is not correct.
[6/22/12 12:34:30:239 EDT] 0000045b CommerceSrvr E WCAuthenticationCookie getUserId CMN1039E: An invalid cookie was received for the user, your logonId may be in use by another user.
[6/22/12 12:34:13:330 EDT] 00000245 CommerceSrvr A ECActionForwardInstance isRedirectAllowed(String) CMN0207E The value of the parameter "URL" is not correct.
[6/22/12 12:34:15:141 EDT] 00000245 CommerceSrvr E WCAuthenticationCookie getUserId CMN1039E: An invalid cookie was received for the user, your logonId may be in use by another user.