Affects Version/s: 7.0.X EE, Master
Component/s: Portal Configuration
Half of the issue was solved in
LPS-71039. Fixing the other half in this LPS.
Session Timeout redirect property not working in 7.0.
According to comment on LPP-23538, if "session.timeout.redirect.on.expire=true" set, users should be redirected to a "default page".
But no redirecting to default page, no redirecting occurring at all.
Steps to Reproduce:
1. Configure 7.0 bundle with de-11 installed
Add following properties to enable session timeout
2. Minimize session timeout to 5 minutes by going to tomcat-8.0.32/webapps/ROOT/WEB-INF/web.xml and edit
3. Start up server and log in
4. Add the "test-page" page, go to a different page
5. Wait 5 minutes and see WARNING pop-up, and get session timeout
Result: Session times out, but page redirect does not occur, still on same page and shown as logged in.
If you click a public page (localhost:8080), you get sent to that page, if you click a private page (Control Panel), you get sent to the login portlet.
You are not sent to the configured default home page.
Results of Testing:
Expected Results: Session Timeout Redirect sends timed out users to a default page or the Home URL page.
Actual Results: When session times out, no redirect occurs.
It seems that the redirect property will only work if you don't have any SSO modules deployed.
But because com.liferay.portal.security.sso counts as an SSO module, this property is ALWAYS ignored.
Branch? Yes, reproduced in 7.0.x
Git ID: 64955cd600da3bae795590680d3cbc8b0997e82d
Master? Yes, reproduced in master
Git ID: 33def4dcab6cb387d1110b93cd703a5e4cc2c941