Legacy Knowledge Base
Published Jul. 2, 2025

Session logs out intermittently after being redirected by the payment link

Written By

Kanchan Bisht

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines. We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided "as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • After being redirected by the payment link, the session logs out.
  • Steps to reproduce:
    1. Log in to Liferay.
    2. Call the API in Postman.
    Request parameters are attached (SSL Commerz Request Parameters.txt)
    Request Type: x-www-form-urlencoded
    URL: https://sandbox.sslcommerz.com/gwprocess/v4/api.php
    3. Set the redirect URLs (success_url, fail_url, cancel_url) to a test private page.
    4. Open GatewayPageURL from the response in the browser.
    5. Click login and sign in with the pre-filled mobile number. Use OTP: 111111
    6. Use any of the prefilled cards with CVV 111
    Expected Behavior: Click on the success button to be redirected back to Liferay.
    Observed Behavior: The user session is logged out and the user is redirected back to the login page.

Environment

  • Liferay DXP 7.3 Fix Pack 1

Resolution

  • The browser does not send the saved cookies back to the portal with the request to http://localhost:8080/group/guest/test after returning from the payment site.

    • The reason is that, in the current environment, the limitations of the default cookie behavior prevent proper cross-site usage.
      To summarize, any cookies with the 'SameSite=none' value are 'filtered out' by the browser. (The default value is "SameSite=Lax".)

  • Try the steps below to overcome this issue:

    1) Add <CookieProcessor sameSiteCookies="none"/> to the <Context> element in tomcat/conf/context.xml.
    2) Set up HTTPS based on the SSL/TLS Configuration How-To. (This is because cookies with "SameSite=none" are sent only with encrypted requests.)
    Create a keystore file to store the server's private key and self-signed certificate by executing the following command:
    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

    Uncomment and modify the "SSL HTTP/1.1 Connector" entry in $CATALINA_BASE/conf/server.xml:

    <!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="${user.home}/.keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS"/>

    3) Access and log in to the portal via HTTPS, and set the redirect URLs (success_url, fail_url, cancel_url) in the Postman API call to https://localhost:8443/group/guest/test.
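
The cookie behavior behind this resolution, as an added example (not from the original article, Liferay or Tomcat): a simplified Python model of the browser's SameSite decision for the navigation back from the payment site. The function names and Set-Cookie values are constructed, and whether the gateway returns with GET or POST is an assumption, so both are shown.

```python
# Added example: simplified model of browser SameSite handling.
# Ignores browser-specific exceptions (e.g. special-casing of localhost).

# Constructed Set-Cookie values (not captured from a real portal).
DEFAULT = "JSESSIONID=ABC123; Path=/; HttpOnly"
NONE_INSECURE = "JSESSIONID=ABC123; Path=/; HttpOnly; SameSite=None"
NONE_SECURE = "JSESSIONID=ABC123; Path=/; Secure; HttpOnly; SameSite=None"


def parse_set_cookie(header):
    """Parse one Set-Cookie header value into name, SameSite and Secure."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for p in parts[1:]:
        key, _, val = p.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    return {
        "name": name,
        # Browsers treat a cookie with no SameSite attribute as Lax.
        "samesite": attrs.get("samesite", "lax"),
        "secure": "secure" in attrs,
    }


def sent_on_return(header, scheme, method, cross_site=True):
    """Return (sent, reason) for a top-level navigation back to the portal."""
    c = parse_set_cookie(header)
    if c["secure"] and scheme != "https":
        return False, "Secure cookie is not sent over http"
    if c["samesite"] == "none":
        if not c["secure"]:
            return False, "SameSite=None without Secure is rejected by the browser"
        return True, "SameSite=None; Secure is sent cross-site"
    if not cross_site:
        return True, "same-site request"
    if c["samesite"] == "lax" and method == "GET":
        return True, "Lax allows top-level GET navigation"
    return False, f"SameSite={c['samesite']} blocks cross-site {method}"


if __name__ == "__main__":
    cases = [("default", DEFAULT, "http"), ("none, http", NONE_INSECURE, "http"),
             ("none+secure, https", NONE_SECURE, "https")]
    for label, hdr, scheme in cases:
        for method in ("GET", "POST"):
            sent, why = sent_on_return(hdr, scheme, method)
            print(f"{label:20} {method:4} sent={sent}  ({why})")
```

Setting sameSiteCookies="none" on the context applies to the cookies the web application creates, so the session cookie no longer gets SameSite protection on cross-site requests; CSRF defenses should not depend on it.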
