Issue/Problem/Symptoms:
On PIM 12.8 CF1: Once the session timeout is reached and you click on any link, you are asked to enter your credentials again. After the credentials are validated, you are redirected to the page you wanted to open.
On PIM 12.8 CF3: Once the session timeout is reached and you click on any link, you are asked to enter your credentials again. After the credentials are validated, you are redirected to the Logout page instead. The customer then has to change the URL in the browser to the PIM login page, enter the credentials, and click the link they wanted to open.
Environment:
PIM 12.8 CF1 / PIM 12.8 CF3
Cause:
The CF3 behaviour is the result of a security fix. Releases before CF3 did not validate CSRF tokens, which left the product open to cross-site request forgery. Starting with CF3, every request submitted to the server must carry the unique CSRF token issued for the current session; if the token is missing or does not match, the server logs the user out. When the session times out, the token embedded in the page you were viewing is invalidated together with the session. Re-entering your credentials creates a new session with a new token, but the request you are redirected into still carries the token from the expired page, so it fails validation and you land on the Logout page.
Resolution:
This is expected behaviour on PIM 12.8 CF3: once the session has timed out, its CSRF token is no longer valid and cannot be reused to log in again. Close the browser, open the PIM login URL again, log in, and then navigate to the page you wanted.
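The following is an added illustration and not PIM's own code: a minimal model of session-bound CSRF validation that reproduces both outcomes described above (the replayed request landing on Logout, and a fresh login reaching the target page). The timeout value, the in-memory session store, and the page names are assumptions made for the example.

```python
import secrets
import time
from dataclasses import dataclass

# Hypothetical idle timeout in seconds; not PIM's actual setting.
SESSION_TIMEOUT = 1800


@dataclass
class Session:
    sid: str          # session id carried in the cookie
    csrf_token: str   # token embedded in every page rendered for this session
    last_seen: float


class SessionStore:
    """In-memory session store; the clock is injectable so timeouts can be simulated."""

    def __init__(self, timeout=SESSION_TIMEOUT, clock=time.time):
        self.timeout = timeout
        self.clock = clock
        self.sessions = {}

    def login(self):
        """Successful credential check: mint a new session and a new CSRF token."""
        session = Session(secrets.token_urlsafe(32), secrets.token_urlsafe(32), self.clock())
        self.sessions[session.sid] = session
        return session

    def get(self, sid):
        """Return the live session for sid, or None if unknown or timed out."""
        session = self.sessions.get(sid)
        if session is None:
            return None
        if self.clock() - session.last_seen > self.timeout:
            # Expiry invalidates the session and, with it, its CSRF token.
            del self.sessions[sid]
            return None
        session.last_seen = self.clock()
        return session


def handle_request(store, sid, csrf_token, target):
    """Server-side handling of one request; returns the page the browser ends up on."""
    session = store.get(sid)
    if session is None:
        return "login"  # no valid session: ask for credentials
    if csrf_token is None or not secrets.compare_digest(csrf_token, session.csrf_token):
        # Missing or mismatching token: treat as forgery and log the user out.
        store.sessions.pop(sid, None)
        return "logout"
    return target


def reauthenticate_and_resume(store, stale_token, target):
    """Model of the CF3 flow: credentials are re-entered, then the original request
    is replayed still carrying the token from the page rendered before the timeout."""
    new_session = store.login()
    return handle_request(store, new_session.sid, stale_token, target)


def fresh_login_and_navigate(store, target):
    """Model of the workaround: a new browser session, then the target page is
    requested with the token issued to that new session."""
    new_session = store.login()
    return handle_request(store, new_session.sid, new_session.csrf_token, target)


def scenario():
    """Run both flows against a simulated clock and report where each one lands."""
    now = [0.0]
    store = SessionStore(timeout=SESSION_TIMEOUT, clock=lambda: now[0])
    session = store.login()
    before_timeout = handle_request(store, session.sid, session.csrf_token, "/users")
    now[0] += SESSION_TIMEOUT + 1  # idle past the timeout
    after_timeout = handle_request(store, session.sid, session.csrf_token, "/users")
    replayed = reauthenticate_and_resume(store, session.csrf_token, "/users")
    fresh = fresh_login_and_navigate(store, "/users")
    return {
        "before_timeout": before_timeout,  # /users
        "after_timeout": after_timeout,    # login prompt
        "replayed_with_old_token": replayed,  # logout
        "fresh_login": fresh,              # /users
    }


if __name__ == "__main__":
    for step, page in scenario().items():
        print(f"{step}: {page}")
```

The token comparison uses a constant-time check and the stale token is rejected even though the credentials were just accepted, which is exactly why the workaround has to start from a clean browser session rather than from the page that was open when the timeout hit.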