I've noticed something has changed when you use the 'send password'-functionality in service:
This sends an email with a link ([[loginUrl]]), and when a customer clicks on it they open the customer center with a valid custsessionkey/session. The URL looks something like this:
I guess the token gets exchanged for a custsessionKey somewhere down the line.
Now, you are unable to navigate around until you have actually set a new password, and I'm wondering what is actually deciding this. Is it a part of the sessionkey?
I've created a custom CC and I've created a simple logout method that can be called from a button on my page:
AddHttpHeader("set-cookie", "custSessionKey=; expires=Thu, 01 Jan 1970 00:00:00 GMT");
result.message = "Logout ok!";
result.message = "Error logging out..";
This only logs the customer out and sets the custSessionKey to expired, and works as expected as long as I've logged in normally on the CC.
When I get the custsessionkey from the 'send password' I have no success in actually logging myself out, and I expect this has something to do with the 'you have to set a new password first' stuff that's going on.
If I go into cookies and remove the custSessionKey manually I'm logged out as expected, so I'm unsure what prevents my script from setting the expired-date to something invalid.
My question is how this is all connected, so I can better understand how to work around this issue.