cms
cms copied to clipboard
craftcms
[4.5.3]: User Impersonation-Link does not work
What happened?
Description
User Impersonation-Link does not work "Sign in as" works as expected, only the Impersonation-Link seems broken
Additional Info: The CMS runs in Headless-Mode
Steps to reproduce
1.User -> Copy impersonation URL… -> Call Url
Expected behavior
Login as impersonated User
Actual behavior
Getting redirected to the login page
Craft CMS version
4.5.3
PHP version
No response
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions
Hi, thanks for getting in touch.
Based on the information you provided, could you please answer the following:
- the impersonation link doesn’t work when you try to login as someone who doesn’t have access to the Control Panel?
- does the impersonation link work when you try to login as someone who has access to the Control Panel?
- was it working on an earlier version of Craft CMS? if so, which version was it working on?
Hi, thanks for getting in touch.
Based on the information you provided, could you please answer the following:
- the impersonation link doesn’t work when you try to login as someone who doesn’t have access to the Control Panel?
No, the link does not work in both cases, although when I generate the link for someone that has no CP access it doesn't generate a CP link. Instead it generate a link to the primary site url, but that should be expected right?
- does the impersonation link work when you try to login as someone who has access to the Control Panel?
The Impersonation link also doesn't work for users, that have CP access. Here the generated link is a CP-Url but instead of logging the user in, I get redirected to the login page of the CMS.
- was it working on an earlier version of Craft CMS? if so, which version was it working on?
It worked in the past, but unfortunately I didn't keep track on the version number.
Thanks for all the answers!
No, the link does not work in both cases, although when I generate the link for someone that has no CP access it doesn't generate a CP link. Instead it generate a link to the primary site url, but that should be expected right?
Yes, that’s right.
This is an expected behaviour if you try to use the impersonation link more than once, if the impersonation token expired (they’re valid for 1h), or if the token is deemed invalid.
Could you please test a newly created impersonation link and let me know if you’re still experiencing the issue?
@DTesch-Reem @i-just I've been following this issue as we've experienced the same thing on more than one Craft 4.5.x site currently in development. I can't say for sure that the issue began with Craft 4.5 but we've had other potentially related issues with user management post-4.5 upgrade.
@DTesch-Reem I've noticed that after I clear all cookies--and log back in--that the issue resolves itself. I'm unsure if this permanently fixes the problem for us but I haven't been able to reproduce it after clearing cookies.
Could you please test a newly created impersonation link and let me know if you’re still experiencing the issue?
Unfortunately, it makes no difference if the token is new. I create the link using the "Create Impersonation Url"-Button in de CP. Then if I try to use that link I get redirected to the login page.
Edit: I use Reddis for Cookie and User-Management, could there possibly be a bug with that?
@DTesch-Reem @i-just I've been following this issue as we've experienced the same thing on more than one Craft 4.5.x site currently in development. I can't say for sure that the issue began with Craft 4.5 but we've had other potentially related issues with user management post-4.5 upgrade.
@DTesch-Reem I've noticed that after I clear all cookies--and log back in--that the issue resolves itself. I'm unsure if this permanently fixes the problem for us but I haven't been able to reproduce it after clearing cookies.
Clearing the cookies didn't help, but thanks for the tip!
@DTesch-Reem really odd... since it sounds like this is consistently reproducible on your box, is there any chance we could get some Craft control panel and SSH access to it to investigate more? If so, can you send those details to [email protected] and reference this issue?
