The procedure for replicating this behavior is to go the the website when not logged in and view the content. Login when prompted and then go back to the page. You are still shown as logged out and are prompted to login.
Refreshing the page or hitting CTRL F5 shows the proper page content that you should see when logged in.
The website is hosted on SiteGround which has it's own caching plugin, which I've completely disabled.
I've tried this on the latest Chrome, Edge, Firefox, and Edge Beta.
As you can see in the screencast, what happens is people are viewing the content when they're not logged in, which is a custom post type single.
I'm using Toolset Access to restrict access to some of the content on the page and showing a login prompt to someone who isn't logged in.
After they go through the login process and go back to view the content, they're still being restricted and shown the login prompt.
Refreshing the page (sometime CTRL F5 is required) shows the page as it should with restricted content being shown to logged in users.
OK, but I was looking for specifics about your log-in and redirects.
Can I get access to your site to look myself?
Let me mark your next reply as private so that I can get log-in credentials from you—you may want to create a temporary admin user for me to use that you can later delete. And be sure to have a current backup of your site.
It looks SiteGround's "SG Optimizer" plugin was the culprit.
The plugin added some stuff the the .htaccess file for browser caching. I don't remember turning it on (it happened on multiple sites) but regardless with it turned off, the additions to the .htaccess file were not reverted.
I removed:
# Leverage Browser Caching by SG-Optimizer
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 6 months"
# CSS
ExpiresByType text/css "access plus 1 year"
# HTML components (HTCs)
ExpiresByType text/x-component "access plus 2 months"
# HTML
ExpiresByType text/html "access plus 6 months"
# JavaScript
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType application/x-javascript "access plus 1 year"
# Manifest files
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"
# Media
ExpiresByType audio/ogg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/svg "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType video/mp4 "access plus 1 year"
ExpiresByType video/ogg "access plus 1 year"
ExpiresByType video/webm "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType application/pdf "access plus 1 year"
ExpiresByType application/x-shockwave-flash "access plus 1 year"
# Web feeds
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
# Web fonts
ExpiresByType application/font-woff "access plus 1 year"
ExpiresByType application/font-woff2 "access plus 1 year"
ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
ExpiresByType application/x-font-ttf "access plus 1 year"
ExpiresByType font/opentype "access plus 1 year"
</IfModule>
# END LBC
# BEGIN WordPress
![Image%202019-10-02%20at%201.38.50%20PM[1].png](https://toolset.com/wp-content/uploads/2019/10/1354383-Image_202019_10_02_20at_201.38.50_20PM_1_.png "1354383-Image_202019_10_02_20at_201.38.50_20PM_1_.png")
