Tuesday, June 26, 2012

Logon failure Issue | URLRedirect filter enabled


If your user logon flow works fine in the development environment but fails once you get to staging or live, check wc-server.xml: if the URLRedirectFilter is enabled, allowedDomain needs to be defined there.

The URLRedirectFilter is enabled to prevent phishing attacks in which a link from the current site redirects the user to a different site. It does need a correct allowedDomain, or else some functionality, including logon, starts failing.

Make sure that the URLRedirectFilter definition for the store element in wc-server.xml has the correct domain or sub-domain value:

<AllowedDomain name="example.com"/>

Error logs for this login failure scenario:

[6/22/12 12:34::024 EDT] 00000123 EJBMDOrchestr A   CNTR0117I: Container-managed ejbStore() call will be bypassed on bean: "WC_ejgrp#Member-MemberManagementData.jar#UserPasswordHistory" if it has not been modified in the current transaction.
[6/22/12 12:34:58:313 EDT] 0000023b CommerceSrvr  A ECActionForwardInstance isRedirectAllowed(String) CMN0207E The value of the parameter "URL" is not correct.
[6/22/12 12:59:59:254 EDT] 00000113 CommerceSrvr  E WCAuthenticationCookie getUserId CMN1039E: An invalid cookie was received for the user, your logonId may be in use by another user.
[6/22/12 12:34:28:727 EDT] 00000122 CommerceSrvr  A ECActionForwardInstance isRedirectAllowed(String) CMN0207E The value of the parameter "URL" is not correct.
[6/22/12 12:34:30:239 EDT] 0000045b CommerceSrvr  E WCAuthenticationCookie getUserId CMN1039E: An invalid cookie was received for the user, your logonId may be in use by another user.
[6/22/12 12:34:13:330 EDT] 00000245 CommerceSrvr  A ECActionForwardInstance isRedirectAllowed(String) CMN0207E The value of the parameter "URL" is not correct.
[6/22/12 12:34:15:141 EDT] 00000245 CommerceSrvr  E WCAuthenticationCookie getUserId CMN1039E: An invalid cookie was received for the user, your logonId may be in use by another user.
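
An added example, not part of the original post or IBM's code: a Python check that reads the URLRedirectFilter section of wc-server.xml and reports which store host names its allowed-domain entries cover. The element and attribute names (URLRedirectFilter enable, AllowedDomain name), the sub-domain matching rule and the sample host names are assumptions; verify them against your own wc-server.xml.

```python
import xml.etree.ElementTree as ET

# Constructed wc-server.xml fragment (not from the post): only the filter
# element, using the element/attribute names assumed in the lead-in.
SAMPLE_CONFIG = """
<config>
  <URLRedirectFilter enable="true">
    <AllowedDomain name="example.com"/>
  </URLRedirectFilter>
</config>
"""

def load_filter(xml_text):
    """Return (enabled, [allowed domains]) from the first URLRedirectFilter."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "URLRedirectFilter" else root.find(".//URLRedirectFilter")
    if node is None:
        return False, []
    enabled = node.get("enable", "false").strip().lower() == "true"
    domains = [d.get("name", "").strip().lower().strip(".")
               for d in node.iter("AllowedDomain")]
    return enabled, [d for d in domains if d]

def host_allowed(host, domains):
    """Assumed rule: the host equals a listed domain or is a sub-domain of it.

    Matching on the '.' boundary keeps 'notexample.com' from passing as
    'example.com', which a plain suffix comparison would allow.
    """
    host = host.strip().lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def audit(xml_text, store_hosts):
    """Map each store host name to True/False: would a redirect to it pass?"""
    enabled, domains = load_filter(xml_text)
    if not enabled:
        return {h: True for h in store_hosts}  # filter off: nothing is blocked
    return {h: host_allowed(h, domains) for h in store_hosts}

if __name__ == "__main__":
    # Constructed host names: one covered, one staging host on another domain,
    # one look-alike that must not match.
    hosts = ["www.example.com", "staging.example.net", "notexample.com"]
    for host, ok in audit(SAMPLE_CONFIG, hosts).items():
        print(f"{host:24} {'allowed' if ok else 'BLOCKED (CMN0207E likely)'}")
```

Run it against the wc-server.xml of each environment with that environment's real store host names; a host reported as blocked is a candidate cause for the CMN0207E entries above.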

1 comment:

  1. Hi Raj, This helped me to resolve an issue for one of my clients. Thank you so much for posting this.

    - DB Patil
