Legacy Knowledge Base
Published Jun. 30, 2025

Web page redirection after session expiration

Written By

Brian Suh

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • I have two separate sites in my Liferay DXP environment, and I want to understand how to configure web page redirection after a user's session expires.

Environment

  • Liferay DXP 7.1

Resolution

  • If you have session.timeout.redirect.on.expire set in your portal-ext.properties file set to true, this will redirect a user once their session times out to this specific path.
  • This will redirect the user to the path set incompany.default.home.url defined. For example, let's say we have company.default.home.url set to /web/example/home, in this case, it will send your expired session to the Example site's Home URL.
     
    There are a few out-of-the-box options to adjust redirection.
    1. You can disable session timeout redirection by setting session.timeout.redirect.on.expire=false in your portal-ext.properties file.
    2. Alternatively, if the expired session is on a private page (i.e., a page that requires authentication), you can have it redirect to the login screen which after successful authentication, will redirect the user back to the page that the session expired on by using auth.forward.by.redirect=true. Here is the property description:
       

    The login page reads a redirect by a parameter named "redirect". If this property is set to true, then users will be redirected to the given redirect path upon successful login. If the user does not have permission to view that page, then the rule set by the property "auth.forward.by.last.path" will apply.

    You can set the redirect manually from another application by appending the "redirect" parameter in a url that looks like this: /c/portal/login?redirect=%2Fgroup%2Femployees%2Fcalendar. This url will redirect the user to the path "/group/employees/calendar" upon successful login.

     
    If you are operating multiple sites on a single environment, and require conditional redirects based on the site that the user belongs to, you may need to build a customization that alters the redirect behavior upon session expiration.

Additional Information

Did this article resolve your issue ?

Legacy Knowledge Base