cancel
Showing results for 
Search instead for 
Did you mean: 

how to change url when the session is timeout for storefront

Former Member
0 Kudos
 

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member387866
Active Contributor
0 Kudos

Hi Srinivas,

In your storefront extension, look for <storefront project>\web\webroot\WEB-INF\config\spring-security-config.xml.
For OOTB ext-template\yacceleratorstorefront\web\webroot\WEB-INF\config\spring-security-config.xml

Search for and change the /login occurrences, where needed.

 <http>
   ...
     <form-login
         login-page="/login.jsp"
         default-target-url="/index.jsp"
         authentication-url="/login.jsp?login_error=1" />
   ...
     <logout
         logout-success-url="/login.jsp" />
   ...
 </http>

 <security:http pattern="/checkout/**">
     <security:access-denied-handler error-page="/login"/>
 </security:http>

 <bean id="loginAuthenticationFailureHandler" class="..." >
     <property name="bruteForceAttackCounter" ref="bruteForceAttackCounter" />
     <property name="defaultFailureUrl" value="/login?error=true"/>
 </bean>

 <bean id="loginCheckoutAuthenticationFailureHandler" class="..." >
     <property name="bruteForceAttackCounter" ref="bruteForceAttackCounter" />
     <property name="defaultFailureUrl" value="/login/checkout?error=true"/>
 </bean>

I hope this helps,
Luke

Former Member
0 Kudos

Hi I already tried this one.but it not redirected to what i given path.But i got solution now following is the code:

     <security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS" />
     <security:access-denied-handler error-page="/"/>
     <security:session-management session-authentication-strategy-ref="fixation" invalid-session-url="/" />
     <security:intercept-url pattern="/**" requires-channel="https" />
     <security:csrf token-repository-ref="csrfTokenRepository" request-matcher-ref="csrfProtectionMatcher" />
     <security:custom-filter before="CSRF_FILTER" ref="logoutFilter" />
former_member387866
Active Contributor
0 Kudos

Cool Srinivas, thanks for posting the solution.

Former Member
0 Kudos

Check storefront spring-security-config.xml file, you have to update access-denied-handler error-page path

[1]: /storage/temp/10186-capture.png

Former Member
0 Kudos

HI kiran I already tried this one.but it not redirected to what i given path.But i got solution now following is the code:

     <security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS" />
     <security:access-denied-handler error-page="/"/>
     <security:session-management session-authentication-strategy-ref="fixation" invalid-session-url="/" />
     <security:intercept-url pattern="/**" requires-channel="https" />
     <security:csrf token-repository-ref="csrfTokenRepository" request-matcher-ref="csrfProtectionMatcher" />
     <security:custom-filter before="CSRF_FILTER" ref="logoutFilter" />
Former Member
0 Kudos

Thanks for sharing.

VinayKumarS
Active Contributor
0 Kudos

Hello Srinivas,

Below properties can be found in platform/project.properties. Overwrite these properties in your local.properties to change the timeout value.

 ############################## SESSION SETTINGS ################################
 #
 # Settings to configure session behaviour
 #
 ################################################################################
 
 # The default session timeout (in seconds).
 # If you specify 0 or less, the session will never timeout
 default.session.timeout=3600
 
 # extension specific session timeout (in seconds)
 # If you specify 0, the session will never timeout
 # if negative number is set then default.session.timeout property will be used
 hac.session.timeout=3600
Former Member
0 Kudos

i am not asking about session timeout.i am asking about when session timeout is completed the page will go login page.but i want to change that url instead of login page