- I’ve verified that we are publishing to a Tomcat server.
- In Navigation I’ve configured the root site to “use site security” and I’ve created and linked to the pages: login, confirmation, password-request and password-reset.
- For the section I want to secure, I’ve configured it to “require login” and belong to group “member”.
- I’ve created a registration page, registered myself, then made myself a member of the group “member”.
- I’ve done a full publish.
My co-worker and I are both able to get to the secure page without logging in.
What am I missing and how would I go about troubleshooting to figure out what’s going on?
Thanks for any help you can provide!
More information for you: Nick has configured Tomcat and the delivery services for us, as our server is IIS7.
To confirm your environment, your “testing server” is the embedded Tomcat, and your “live server” is the production server running IIS7 and a local Tomcat for delivery services, current? Now just to be clear, using the exact configuration as you have outlined above, when you publish to the embedded Tomcat (your testing server), everything works as expected – you’re required to log in before accessing the secure pages – correct? If so, it does sound like an issue with your IIS server. I’m going to have to talk with Nick and we’ll look into reasons why the same site in CM1 would behave differently on your two separate servers.
Nathaniel - everything you said above is correct. Thank you for your time.
We have taken this issue offline and have senior resources looking into ways in which Laura can configure secure sections to work on her particular production environment. I will post a response here when we have more to report. Thanks for working with us on this, Laura.