Error 404 after 2FA session timeout.

app1cker

Firstly, How can I set the login landing page for the 2FA ?
During my testing of the 2FA, the login submit seem to work i.e. triggering the code to the user, but returns and remain stuck at the homepage, instead of going to the 2FA where the user can enter the code. The only way to see this page is opening the user profile page

Secondly: Where do I set the return page when the 2FA user session times out. Currently it goes to 404 page 🙁

dominic

Hi app1cker,
Firstly, back up your site.

I'd be glad to assist you with configuring the 2FA login landing page and session timeout return page in Joomla.

1. Setting the Login Landing Page for 2FA:

There are two main approaches to control the landing page after a successful login with 2FA enabled:

A. Using the Extension's Configuration (if applicable):

Many popular Joomla 2FA extensions offer options within their configuration settings to specify the post-login redirect URL. Access the extension's settings from the Joomla administrator panel and look for a setting labeled "Login Redirect," "Post-Login URL," or similar. Select the desired page you want users to be directed to after successful 2FA verification.

B. Customization Through Code (if extension lacks a built-in option):

If your extension doesn't provide a configuration setting, you might need to modify the extension's code. This generally involves locating the section that handles successful logins and adding code to redirect to the chosen URL. However, due to the potential for breaking functionality with updates, this approach is recommended for experienced users or developers. Consider contacting the extension's developer for guidance or seeking a more configurable extension.

2. Setting the Return Page for 2FA Session Timeout:

By default, Joomla's session timeout redirects to a 404 page. Here's how to direct users to a specific page upon session expiration:

A. Using Global Configuration:

Go to System -> Global Configuration in the Joomla administrator panel.
Under the System tab, locate the Session Lifetime setting. This determines the duration (in minutes) before a session expires. Adjust this value as needed.
Find the Session Timeout Redirect setting. Here, you can choose from:
Default: Joomla redirects to the login page (not ideal for 2FA).
Previous Page: User returns to the last visited page (can be confusing).
Home: Redirects to the website's homepage (usable for 2FA).
Custom: Enter the specific URL (e.g., your login page) where you want users to go after timeout.
Select the most suitable option for your scenario.

B. Customization Through Code (advanced):

Similar to setting the login landing page, in some cases, you might need to modify Joomla's core code to alter the session timeout redirect behavior. This is an advanced approach and carries the risk of breaking functionality with updates. Proceed with caution and seek assistance from a developer if necessary.

Additional Tips:

After making changes, clear your browser cache and cookies to ensure the new settings take effect.

Consider using a test environment to experiment with configurations before implementing them on your live site.

If you continue to face issues, consult the documentation of your specific 2FA extension or seek help on the Joomla forums.

By following these steps, you can effectively configure the landing page after successful 2FA login and define the return page when a session times out in Joomla, improving user experience and security.

app1cker

This message is visible to Moderators only

hidden content

dominic

Hi app1cker,

1/ For Joomla 4, here's how you can address the issues you're facing with Multi-factor Authentication (MFA):
Setting the Login Landing Page for 2FA:

Ensure that the MFA system is properly set up and enabled.
When a user logs in with their username and password, Joomla should automatically redirect them to the "captive login" page to enter their second step verification, such as a code from Google Authenticator. (link refer)
If users are being redirected to the homepage instead of the 2FA page, check the plugin settings to ensure that the redirection is configured correctly. Also, verify that there are no conflicts with other extensions or custom codes that might be affecting the login flow. link refer

2/ Setting the Return Page After 2FA Session Timeout:

Joomla's session timeout should not typically result in a 404 page. It might be an issue with the session handling or a misconfiguration.
Check the global configuration for the system settings related to session lifetime and ensure that the session handler is properly configured.
For the redirection after session timeout, you may need to look into the login module settings or the menu item linked to the user profile to set up a proper redirection. link refer
If the issue persists, consider checking the error logs for any specific errors that occur when the session times out and address them accordingly.

Remember to clear your cache and test in a private browsing window to rule out caching issues during your troubleshooting process.