I created a readonly role named 'alice', and set password
log in with the username--alice and the correct password
try to do some manage work, like modify pools name
the UI reports Your login appears to have expired. Try looging back in again then turn to login in page
I think this handle is not right-thinking. It's my opinion that readonly role should only see the "readonly" page or when they do manage work, give them tips like "you have not be authorized"