Currently we are fixing a really weird issue that only happens with non-administration users.
When the user logs in and accesses one page, they are logged out of the system. The page finishes loading as if they were logged in, but once they try any other actions, such as clicking any module section menu (including refreshing the browser page) they are considered not logged in and presented with a login prompt.
After looking it into for a while, we found that this always seems to happen when this module requests my custom ashx web call, which was killing dnn authentication cookies and logging out non-administrator users. Later we made some search about reasonable solution – fortunately we found the helpful post exactly with the same issue - Why is DNN killing my authentication cookies when I access an ashx from a child portal?
As the answer mentioned below:
This occurs because the user is only defined in the child portal, but the request to the ASHX occurs (from DNN's perspective) in the parent portal. When DNN receives the request, it sees that you've "switched portals," no longer have a valid identity, and removes your authentication information. This doesn't occur for super users because they do have a valid identity across both portals.
To fix this issue, you need to add a querystring parameter to your request with the portal ID. This let's DNN disambiguate the request and keep your authentication intact.
For example, the coding of our case will be modified as follow:
var path = PortalSettings.HomeDirectory + objFile.Folder + objFile.FileName;
var resizedUrl = string.Format("~/desktopmodules/my_module_name/imagehandler.ashx?portalid={0}&path={1}",
PortalSettings.PortalId, path);
return ResolveUrl(resizedUrl);