
AEM as a Cloud Service – Session Not Extending Despite refreshToken=true in Publishers


Level 2

 

Hi all,

 

I’m using AEM’s out-of-the-box session extension feature configured through the OSGi service org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl, with refreshToken=true.

 

This works as expected in my local author and RDE publisher environments. When a user performs activity after half the session timeout, the session is extended. I’ve verified this by checking the rep:exp property under /home/users/<user>/.tokens/<tokenId>, which gets updated correctly.

 

However, in the AEM as a Cloud Service (Dev Publisher) environment, this behavior is not observed:

  • Sessions expire exactly at the timeout, regardless of user activity.
  • I also don’t see any .tokens node under user home paths.

 

Is this a known limitation or behavior difference in AEM Cloud publishers?

Has anyone faced something similar, or found a workaround?

 

Appreciate any insights!

Thanks.
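An added example (not part of the original post, and not Oak or AEM code): a small Python model of the behaviour the question describes, where activity in the second half of the timeout pushes `rep:exp` forward. The function names, the 60-minute timeout and the request times are assumptions made for illustration; the run with refresh switched off shows what "expires exactly at the timeout" looks like in the same terms.

```python
# Added illustration: a simplified model of the refresh rule described in the
# post, not Oak's implementation. Times are minutes since login (constructed).

def simulate(timeout, request_times, refresh_token=True):
    """Replay requests against one login token.

    Returns (history, rejected_at): history holds (request_time, expiry) pairs,
    where expiry stands in for rep:exp; rejected_at is the first request that
    arrived after expiry, or None.
    """
    expiry = timeout                      # token issued at t=0
    history = []
    for t in sorted(request_times):
        if t >= expiry:
            return history, t             # session already expired
        # Extend only once half the timeout or less remains, as the post describes.
        if refresh_token and expiry - t <= timeout / 2:
            expiry = t + timeout
        history.append((t, expiry))
    return history, None


def expiry_moved(rep_exp_samples):
    """True if successive rep:exp readings ever moved forward (a refresh happened)."""
    return any(later > earlier
               for earlier, later in zip(rep_exp_samples, rep_exp_samples[1:]))


if __name__ == "__main__":
    requests = [10, 40, 80, 130]          # constructed user activity
    for flag in (True, False):
        history, rejected_at = simulate(60, requests, refresh_token=flag)
        samples = [exp for _, exp in history]
        print(f"refreshToken={flag}: rep:exp samples={samples}, "
              f"refreshed={expiry_moved(samples)}, rejected_at={rejected_at}")
```

Sampling `rep:exp` at each request and passing the readings to `expiry_moved` gives a yes/no answer on whether an environment is refreshing the token at all.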


4 Replies


Community Advisor

Hi @Sku4 ,

In AEM as a Cloud Service, session management for the publish environment primarily relies on Adobe Identity Management System (IMS) and token-based authentication, leveraging encapsulated tokens for enhanced performance and scalability. This approach replaces traditional session management techniques, especially in clustered environments.

Adobe IMS and Token-Based Authentication:
AEM as a Cloud Service utilizes Adobe IMS for user authentication and authorization.
Instead of storing session data on the publish instances, users are authenticated via IMS, and a token (often an access token) is used to identify and authorize subsequent requests.
This token is securely managed and passed between the client and the AEM publish instance.

 

-Tarun


Level 2

Hey Tarun, 

Thank you for the response.

I am curious about session extension. How does AEM session extension work in this scenario?


Community Advisor

Hi @Sku4 ,

Yes, there is a limitation for the encapsulated token. You may cross-check whether the encapsulated token is enabled. You may try again after disabling it.
Reference: https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-21491

Thanks


Administrator

@Sku4 Just checking in — were you able to resolve your issue?
We’d love to hear how things worked out. If the suggestions above helped, marking a response as correct can guide others with similar questions. And if you found another solution, feel free to share it — your insights could really benefit the community. Thanks again for being part of the conversation!



Kautuk Sahni