Liferay login session not working in iframe
Written By
Marco Abamonga
How To articles are not official guidelines or officially
supporteddocumentation. They are community-contributed content and may
not alwaysreflect the latest updates to Liferay DXP. We welcome your
feedback toimprove How to articles!
While we make every effort to ensure this Knowledge Base is accurate,
itmay not always reflect the most recent updates or official
guidelines.We appreciate your understanding and encourage you to reach
out with anyfeedback or concerns.
Legacy Article
You are viewing an article from our legacy
"FastTrack"publication program, made available for
informational purposes. Articlesin this program were published without a
requirement for independentediting or verification and are provided
"as is" withoutguarantee.
Before using any information from this article, independently verify
itssuitability for your situation and project.
Issue
- In 7.4, iframe does not show signed in session of a separate 7.4 portal
Resolution
- The iFrame is working as expected in that the portal is rendered within the frame and the cookies are available to the browser tab. However, since the “sameSite” flag is not set to
none, and the Secure flag is not set, then the portal ignores any cookies outside of the current domain, resulting in the current behavior. To resolve this, do the following:
- Make sure all cookies use
sameSite=None and Secure = true. As an example, this can be done in Tomcat by adding the following to conf/web.xml:
<session-config>
<cookie-config>
<secure>true</secure>
</cookie-config>
...
and this to conf/context.xml:
<CookieProcessor sameSiteCookies="none"/>
- Enable HTTPS support in the portal
- Alternatively, if Liferay is fronted by a web server such as NGINX or Apache, the same cookies settings could be applied there instead. Please refer to your webserver documentation for more details.
-
Did this article resolve your issue ?