I was able to reproduce the issue only a few times, but for sure there is some issue.
Our web application allows users to create an account on the front-end without permissions to access site backend.
We have some areas on the front-end where we require users to be authenticated (account management area).
To do this we use EventHub and IUnathorizedPageAccessEvent, if event of this type is fired we check if user is trying to access backend or frontend page. If it's a front-end page we redirect to the front-end login screen.
However, sometimes this event is fired at all and users are taken to Sitefinity backend login:
I guess this happens for accounts that have permission to access backend (maybe there is still some information in session or cookies).
To authenticate users on the front-end we use SecurityManager.AuthenticateUser.
Do you have any suggestions how can we solve this issue?
Good timing, I have a feedback portal item in discussion for this exact thing
I however have lots of experience with SF and custom redirects from the backend login page, and I'll guarantee you there will be issues, so I'm not even doing this. Even worse is when you put in a ticket you'll get blamed with a "Custom Login".
Thank you. I think it may be related to session and its expiration (from what I found it happens often when you leave your browser opened for a long time and then try to access secured page).
Any help is appreciated.