Posts

Featured

Change Password and Logout from Sitecore CMS still allows to access /sitecore home page

Context: Recently, I came across an interesting scenario in a Sitecore Slack channel thread: the home page remains accessible after a user changes their password and logs out of the CMS. So, I decided to simulate the issue in a local instance, and I was able to reproduce it. Instead of explaining the situation in words, here is a video that demonstrates the issue in a fresh 10.4 Sitecore instance: This is an edge case, and such edge cases are usually the playground of the testing and security teams. Also, there is very little possibility that this would be a show-stopper or a loophole, since it is a user session-based problem. Nevertheless, it is always good to know what is what in the area you work in and to stay on top of issues, similar to how you keep your armoury fine-tuned at all times; you never know what will be useful when! So, in case your testing/security team comes up with this issue and raises a big hue and cry, here is what I did to prevent the user from accessing the home page wit...

Latest Posts

How to setup a Sitecore Search feed crawler + Product feedback

Product feedback - Logs not appearing in Support Portal admin section

Some interesting moments from the Sitecore Hackathon 2025, plugin review process, Stack Overflow answer et al

Solr 9.x installation using SIF

Sitecore XMCloud important notes in detail