Issue
- I have two separate sites in my Liferay DXP environment, and I want to understand how to configure web page redirection after a user's session expires.
Environment
- Liferay DXP 7.1
Resolution
-
If you have
session.timeout.redirect.on.expireset in your portal-ext.properties file set totrue, this will redirect a user once their session times out to this specific path. -
This will redirect the user to the path set in
company.default.home.urldefined. For example, let's say we have company.default.home.url set to/web/example/home, in this case, it will send your expired session to the Example site's Home URL.
There are a few out-of-the-box options to adjust redirection.
- You can disable session timeout redirection by setting
session.timeout.redirect.on.expire=falsein your portal-ext.properties file. - Alternatively, if the expired session is on a private page (i.e., a page that requires authentication), you can have it redirect to the login screen which after successful authentication, will redirect the user back to the page that the session expired on by using
auth.forward.by.redirect=true. Here is the property description:
The login page reads a redirect by a parameter named "redirect". If this property is set to true, then users will be redirected to the given redirect path upon successful login. If the user does not have permission to view that page, then the rule set by the property "auth.forward.by.last.path" will apply.
You can set the redirect manually from another application by appending the "redirect" parameter in a url that looks like this: /c/portal/login?redirect=%2Fgroup%2Femployees%2Fcalendar. This url will redirect the user to the path "/group/employees/calendar" upon successful login.
If you are operating multiple sites on a single environment, and require conditional redirects based on the site that the user belongs to, you may need to build a customization that alters the redirect behavior upon session expiration. - You can disable session timeout redirection by setting