Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-59709

Redirect loop when signing in using action attribute url

    Details

      Description

      Steps to Reproduce on Master

      1. Inspect the Sign In portlet and get the action URL which will look similar to the following
        <form action="http://localhost:8080/web/guest/home?p_p_id=58&p_p_lifecycle=1&p_p_state=maximized&p_p_mode=view&_58_struts_action=%2Flogin%2Flogin">
      2. Open the Create Account link in a new window
      3. Sign in
      4. Refresh the Create Account page
      5. Inspect the Create Account form and take the p_auth token from its action URL
      6. Paste in the copied action URL but substitute in the p_auth parameter from the Create Account page
      7. Submit and assert the page is sent into an infinite redirect loop

      Steps to Reproduce on 6.2.x

      1. Inspect the Sign In portlet and get the action URL which will look similar to the following
        <form action="http://localhost:8080/web/guest/home?p_p_id=58&p_p_lifecycle=1&p_p_state=maximized&p_p_mode=view&_58_struts_action=%2Flogin%2Flogin">
      2. Sign in
      3. Paste in the copied action URL
      4. Submit and assert the page is sent into an infinite redirect loop

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  3 years, 47 weeks, 5 days ago

                  Packages

                  Version Package
                  6.2.X EE
                  7.0.0 Alpha 2