neos-ui icon indicating copy to clipboard operation
neos-ui copied to clipboard

Published 20 hours ago verified publisher icon neos

BUG: In a NEOS multisite, the "default" document node that opens when entering the backend sometimes comes from the wrong site

Open bbehrendt-mm opened this issue 2 years ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

In a NEOS installation with multiple sites, opening the backend on one site will sometimes attempt to open the last visited node from a different site.

This seems to be caused by Controller/Frontend/NodeController in the Neos.Neos package always writing the last visited node into the NEOS session

$this->session->putData('lastVisitedNode', $node->getContextPath());

and Controller/BackendController in Neos.Neos.Ui always redirecting to said node when opening the backend without any node explicitly set in the URL without checking if the node stored in there belongs to the current site.

When switching to another site using the NEOS menu on the left, the token login causes the same session to be started on the domain of the second site, therefore the content of lastVisitedNode becomes shared between the two sites.

In our case, rendering a document node in the context of a site it does not belong to causes the Content Rendering to crash in the backend, particularly when rendering menu items (see attached error log, where NEOS attempts to render a document node from site-001 inside the backend of site-002).

202308251003350b19f4.txt

Expected Behavior

Either one of:

  • When the document node stored in lastVisitedNode does not belong to the current site, redirect to the site node of the current site
  • The lastVisitedNode is stored separately for each site

Steps To Reproduce

  • Have a NEOS installation with two or more sites on different domains (e.g. site-001.localhost and site-002.localhost)
  • Open the NEOS backend of one site (site-002)
  • Use the NEOS menu on the left to switch to the other site (so you will get automatically logged in, and the session becomes shared)
  • In the NEOS backend of the other site (site-001), open any document node
  • MANUALLY navigate to the backend of the first site (by navigating to http://site-002.localhost/neos), WITHOUT using the NEOS menu
  • You will be redirected to the document node you selected in the site-001 backend, despite currently being in the site-002 backend (e.g. http://site-002.localhost/neos/content?node=%2Fsites%2Fsite-001%2Fnode-zqumq7hi3bhfa%40user-muensmedia)

Environment

- Flow: 7.3.14
- Neos: 7.3.14
- PHP: 8.1

Anything else?

No response

bbehrendt-mm avatar Aug 25 '23 08:08 bbehrendt-mm