B2B impersonated data is not removed after logging out
ID: 1067969
Backlog
Published on 7/18/2024
•
Last update on 7/18/2024
Summary
Logging out after impersonating a user in B2B Suite doesn't remove the storefront-permissions from the session.
This allows the user to navigate the website and even place orders if the impersonated user has access to checkout.
Simulation
- Login with a user with impersonating roles;
- Impersonate another user;
- Logout.
Workaround
Click "Stop Impersonation" to remove the impersonated data from the session.