Browsing to expired page defaults to 302 redirect instead of 404

  • Updated

This article covers the issue on browsing expired pages and how these exceptions are handled. It will also cover the code resolution and workaround for earlier versions.

The expected behavior is that when browsing to an expired page we should get a 404 but what we see is a 302 to login.  This is also relevant with commerce.

This was an issue resolved in EPiServer.CMS.Core 10.0.1 as part of the escalation here.

The recommended and supported resolution is to apply the latest Nuget Package which includes this fix.

However, if on a much earlier version like Episerver 7 and unable to update code immediately there may be a way to tap into access issues and handle it on your own. The code below is discussed here.

using System.Web.Mvc;
using EPiServer;
using EPiServer.Core;
using EPiServer.Security;
using EPiServer.Web.Mvc;
using log4net;

public abstract class AwesomeControllerBase : PageController
where T : PageData
    protected T CurrentPage
            //returns the current page as T using a PageRouteHelper
            //As mentioned by Fredrik Vig in the comments:
            return (T)PageContext.Page;

    protected override void OnAuthorization(AuthorizationContext filterContext)

    private void CheckAccess()
        if (CurrentPage.QueryAccess().HasFlag(AccessLevel.Read))

    private void ServeAccessDenied()
        new AccessDeniedException(CurrentPage.ContentLink));

        AccessDeniedDelegate accessDenied
        = DefaultAccessDeniedHandler.CreateAccessDeniedDelegate();