Details

      Description

      Steps to reproduce

      1. Start liferay and access the home page in IPV6 following this guide (Still valid for 7.1/master): https://dev.liferay.com/en/discover/deployment/-/knowledge_base/7-0/choosing-ipv4-or-ipv6
      2. Try to log in

      Expected result: Successful login
      Actual result: Broken page and error in console:

      2018-11-14 01:19:31.936 WARN [http-nio-8080-exec-9][SecurityPortletContainerWrapper:393] User 0 is not allowed to access URL http://[::1]:8080/web/guest/home and portlet com_liferay_login_web_portlet_LoginPortlet

      Reproduced on:
      Tomcat 9.0 + MySQL + Portal master GIT ID: 37bc6cd326eef9e85a5bb3b6c7af7c0f7e6ca512

      Not reproducible on:
      Tomcat 9.0 + MySQL + Portal 7.1.x GIT ID: 7a4306c9e0e92ee3b41b10d3b219621ce2af5380

      In our attempt to debug, we traced it as far as:
      https://github.com/liferay/liferay-portal/blob/aa82381722fd386f17b3b9f08fe2b7823c4a80d1/portal-impl/src/com/liferay/portal/security/auth/SessionAuthToken.java#L177

      The csrf token is actually blank here, which returns from the "p_auth" parameter as blank at this code:
      https://github.com/liferay/liferay-portal/blob/55d21eea9218ef9f5e5a6002da8550a349e78a5c/portal-impl/src/com/liferay/portal/upload/UploadServletRequestImpl.java#L194

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  30 weeks, 3 days ago

                  Packages

                  Version Package
                  7.2.X
                  Master