Change Password and Logout from Sitecore CMS still allows access to the /sitecore home page
Context: Recently, I came across an interesting scenario in a Sitecore Slack channel thread: the home page is accessible after a user changes their password and logs out of the CMS. So, I decided to simulate the issue in a local instance, and I could do the same. So, instead of explaining the situation in words, here is a video that demonstrates the issue in a fresh 10.4 Sitecore instance:

This is an edge case, and such edge cases are usually the playground of the testing and security teams. Also, there is very little possibility that this would be a show-stopper or a loophole, since it is a user session-based problem. Nevertheless, it is always good to know what's what in the area you work in and to be on top of issues - similar to how you keep your armoury fine-tuned at all times - you never know what will be useful when! So, in case your testing/security team comes up with this issue and raises a big hue and cry, here is what I did to disallow the user from accessing the home page wit...