After creating new route: The security context contained no tokens which could be authenticated.

[mhsdesign]

Description

This issue is about that sometimes new secured routes wont work directly but one needs to destroy the Flow session (eg. log in log out or ./ flow session:destroyall)

I always encountered this issue specifically when creating a new backend route for the neos ui (eg. /neos/blabla) But i will investigate what the minimal way to reproduce this behavior is.

Steps to Reproduce

see slack: https://neos-project.slack.com/archives/C050C8FEK/p1632390981305100 or:

1. Create a new neos backend route (will provide the steps)
2. Test the route in the browser

Expected behavior

one is authenticated

Actual behavior

one is not authenticated. The flow session needs to be destroyed eg: log in log out (in neos ui) or ./ flow session:destroyall

The security context contained no tokens which could be authenticated.
Evaluated following 1 privilege target(s):
"Neos.Neos:Backend.OtherUsersPersonalWorkspaceAccess": ABSTAIN
(0 granted, 0 denied, 1 abstained)

Exception Code	1258721059
Exception Type	Neos\Flow\Security\Exception\NoTokensAuthenticatedException
Log Reference	20220420083951d4c663
Thrown in File	Data/Temporary/Development/Cache/Code/Flow_Object_Classes/Neos_Flow_Security_Authorization_Interceptor_PolicyEnforcement.php
Line	104
Original File	Packages/Framework/Neos.Flow/Classes/Security/Authorization/Interceptor/PolicyEnforcement.php

Affected Versions

Neos & Flow & UI: 7.3