AutoLogin called every time private page clickedAutoLogin called every time private page clickedhttps://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=1137736892024-03-29T06:59:11Z2024-03-29T06:59:11ZRE: AutoLogin called every time private page clickedOlaf Kockhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1143416262019-07-17T09:18:11Z2019-07-17T09:18:11Z<div class="quote-title">saravanan muniraj:</div><blockquote><br />Thanks Eric,JSESSIONID is not set for the cluster server . How to fix it ?<br /></blockquote>Tomcat, or any application server, will set the JSESSIONID cookie to make sure that the client's session will be referenced in future requests. If you actively work against it, you'll find that somewhere in your infrastructure (it might just be the browser denying cookies, it might be the loadbalancer ignoring them).<br />The settings that you quote have nothing to do with the web layer setting cookies to the browser.<br />Without the session cookie, there's simply no persisted authentication, thus you'll have to re-authenticate every single request.Olaf Kock2019-07-17T09:18:11ZRE: AutoLogin called every time private page clickedsaravanan munirajhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1143365462019-07-16T19:50:40Z2019-07-16T19:50:40ZThanks Eric,JSESSIONID is not set for the cluster server . How to fix it ?<br /><br />below is the Clustered configuration on portal-ext.properties# server 1<br />cluster.link.enabled=true<br />cluster.link.autodetect.address=<db-server-name>:1433<br />web.server.display.node=true<br /><br /># server 2<br />cluster.link.enabled=true<br />cluster.link.autodetect.address=<db-server-name>:1433<br />web.server.display.node=truesaravanan muniraj2019-07-16T19:50:40ZRE: AutoLogin called every time private page clickedEric COQUELINhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1138939542019-06-04T21:01:48Z2019-06-04T21:01:48ZI haven't checked but may be the AutoLogin be called everytime...<br />After authentication, you should have one cookie being set : JSESSIONID. Can you check ?<br />From that moment, for each request, Liferay will check against this cookie and if valid will consider your used as logged in.Eric COQUELIN2019-06-04T21:01:48ZRE: AutoLogin called every time private page clickedsaravanan munirajhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1138681612019-06-03T20:02:56Z2019-06-03T20:02:56ZActually the issue is after user Authenticated and logged in successfully , again AutoLogin called in multiple times for the same user immediate after login. <br />To resolve this issue I thought setting <br />session.timeout=40,session.timeout.auto.extend=true<br />session.timeout.auto.extend.offset=300<br />session.timeout=40<br />auth.simultaneous.logins=false in portal.ext.properties would help. <br />See the below code for Customization AutoLogin code . Please do point What would be likely cause for this issues <br />public String[] login(<br /> {<br /> final String[] credentials = new String[3];<br /> Cookie cookie = getCookie((HttpServletRequest) request, PropsUtil.get(COOKIE_NAME)); if(cookie == null){<br /> request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, getRedirectUrl(request));<br /> }else{<br /> ValidateCookieResponse validateCookieResponse = Authenticate(cookie.getValue());<br /> if(validateCookieResponse != null){<br /> String userName = validateCookieResponse.getUser().getUserLogin(); <br /> if (StringUtils.isBlank(userName)){<br /> request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, getRedirectUrl(request));<br /> }else{<br /> long companyId = PortalUtil.getCompanyId(request);<br /> com.liferay.portal.kernel.model.User user = null;<br /> try {<br /> user = UserLocalServiceUtil.getUserByScreenName(companyId, userName);<br /> } catch (PortalException e) {<br /> request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, getRedirectUrl(request));<br /> }<br /> if(user != null){ credentials[0] = String.valueOf(user.getUserId());<br /> credentials[1] = user.getPassword()<br /> credentials[2] = String.valueOf(user.isPasswordEncrypted()) ; <br /> return credentials;<br /> }else{ request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, getRedirectUrl(request));<br /> }<br /> }<br /> }<br /> }<br /> }else{ request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, getRedirectUrl(request));<br /> }<br /> return credentials;<br />thankssaravanan muniraj2019-06-03T20:02:56ZRE: AutoLogin called every time private page clickedOlaf Kockhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1138578092019-06-02T10:11:34Z2019-06-02T10:11:34ZIt doesn't sound like this will likely solve your problem, but there's at least one with the configuration you quote: With <session-timeout>30</session-timeout> the appserver <em>will</em> time out your session in 30 minutes. With session.timeout=40, Liferay will assume that the appserver times out the session after 40 minutes. In other words, when Liferay attempts to extend the session after 40 minutes (session.timeout.auto.extend=true), the session is long gone. At a minimum, both should be the same value. If they're different, Liferay's portal-ext.properties value should be <em>lower</em> than the appserver's.Olaf Kock2019-06-02T10:11:34ZAutoLogin called every time private page clickedsaravanan munirajhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1137736882019-05-30T14:53:21Z2019-05-30T14:53:21ZAll our site pages are private pages , So the user are forced to login first (Cookie based authentication ) override the AutoLogin as per the Liferay 7 documentation (<a href="https://dev.liferay.com/en/develop/tutorials/-/knowledge_base/7-0/auto-login">https://dev.liferay.com/en/develop/tutorials/-/knowledge_base/7-0/auto-login</a>)User authentication works as expected , establish the session too . but every time user click any private pages AutoLogin call again.<session-timeout>30</session-timeout> is being set in web.xml<br />the following are the properties settingsession.timeout.warning=0<br />session.timeout.auto.extend=true<br />session.timeout.auto.extend.offset=300<br />s