Login fails in local environment. - Liferay Learn

Legacy Knowledge Base

Published Sep. 10, 2025

Login fails in local environment.

Written By

Bae Helene

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

The following error occurs in the local environment, and login is no longer possible.

[SecurityPortletContainerWrapper:416] User 0 is not allowed to access URL http://localhost:8080/web/guest/home and portlet com_liferay_login_ web_portlet_LoginPortlet: User 0 did not provide a valid CSRF token for com.liferay.portlet.SecurityPortletContainerWrapper

After clearing the following cache, the same error occurs when I start it.

Delete {LIFERAY_HOME}/work .
Delete {LIFERAY_HOME}/osgi/state .
Delete {TOMCAT_HOME}/temp .
Delete {TOMCAT_HOME}/work .
Delete web browser cache

Environment

Liferay DXP 7.2

Resolution

This event occurs when the Secure attribute of the cookie is set in Tomcat_HOME/webapps/ROOT/WEB-INF/web.xml ..

<cookie-config>
<secure>true</secure>
</cookie-config>

If you are not accessing the site via HTTPS, please remove the relevant tags and check again.

Additional Information

Warning during login

Did this article resolve your issue ?

Legacy Knowledge Base

Capabilities

View All Capabilities

Product

Analytics Cloud

Education

Knowledge Base

Troubleshooting

Contact Us

Submit Feedback

Powered by Liferay

© 2026 Liferay Inc. All Rights Reserved • Privacy Policy