Issue
- A blank screen (with URL http://localhost:8080/c) is seen after a user's password is reset.
- The expected behavior after password reset is for users to A) be successfully redirected to Liferay home page and B) remain logged in.
- However, in DXP 7.4 u50 (and below) with session.enable.phishing.protection=false set in portal-ext.properties, users are instead redirected to a blank page after password reset.
- In DXP 7.4 u51 and higher with session.enable.phishing.protection=false, users are successfully rerouted to the Liferay home page, but users are logged out.
Environment
- DXP 7.4
Resolution
- When the session.enable.phishing.protection property is set to false in portal-ext.properties in DXP 7.4, sessions are invalidated in PasswordModifiedFilter due to differences between passwordModifiedDate and the creation date of the current session. This is a bug solved by LPS-182143. Please update to a more recent Update release that includes the fix, or reach out to Support for a hotfix that includes it.
- A valid workaround would be to set session.enable.phishing.protection=true instead in portal-ext.properties.
Additional Information
- Portal Properties: Session (session.enable.phishing.protection)
- Portal Properties: Company (company.security.strangers.verify)
- Configuring a Password Policy: Password Properties Reference
- Adding and Managing a User: Resetting a User Password
- Account Users