Hello,
Could you please help me on the below to find
AEM Configurations for the below
1.After user is logged in which configuration is used for AEM session timeout
javax.servlet.http.HttpSession session = slingHttpServletRequest.getSession();
We get the session from slingHttpServletRequest.getSession() ;
where this time out is configured for this
2. Jwt token timeout
3. CSRF token timeout
4.For in activity timeout once user is logged in will the session get reset and where is that function, which could used to used to extend the session ,so that it does not timeout??
Regards,
Srinivas
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @Srinivas_Opti ,
Session Timeout:
JWT and Adobe IMS:
For both of these tasks, consulting official documentation from Adobe and possibly seeking support from their technical resources can provide the most accurate and reliable guidance.
Views
Replies
Total Likes
Hey @Srinivas_Opti ,
Are you looking for https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-timeout-extens...
Regards,
Rustam
Views
Replies
Total Likes
Thanks for the input.
javax.servlet.http.HttpSession session = slingHttpServletRequest.getSession();
We get the session from slingHttpServletRequest.getSession() ;
where this time out is configured in the osgi
Views
Replies
Total Likes
Have you had a chance to experiment with Apache Jackrabbit Oak's TokenConfiguration?
If I'm understanding correctly, you're interested in modifying the default session timeout for logged-in users. Tweaking the Token Expiration property within the TokenConfiguration service should achieve what you're looking for.
Views
Replies
Total Likes
Thanks for the input @RustamMussabay ,
1>yes , I am looking for modifying the default session timeout for logged-in users.
I have noticed the session times out after 10 min , but the
"Apache Jackrabbit Oak's TokenConfiguration" token Expiration property is having timeout set as "43200000" ms.
Pls suggest if I need to look the TokenConfiguration or configuration could it be, i must look at??
Is "felix jetty http service" related to session timeout
2> I have jwt token also added to session after logging. So which Configuration should i look for any JWT change.
Views
Replies
Total Likes
Sorry, I'm unable to assist with this particular issue.
In my experience, changing value in TokenConfiguration always worked on my local machine. From my understanding, it serves as a default service responsible for managing user sessions.
Regarding your mention of adding a JWT token to the session post-login, I'm uncertain about the context. However, if you're utilizing a custom login service, I presume the necessary OSGi configuration is already incorporated into our codebase.
UPD: I've just checked Apache Felix Jetty Based Http Service configurations on my local machine and it's also set to 60000.
Views
Replies
Total Likes
Hi @Srinivas_Opti ,
Sure, I can provide you with an overview of the configurations related to session, JWT token, CSRF token timeout, and inactivity timeout in Adobe Experience Manager (AEM).
Session Timeout:
JWT Token Timeout:
CSRF Token Timeout:
Inactivity Timeout:
Here's an example of how you can extend the session timeout programmatically in AEM:
javax.servlet.http.HttpSession session = slingHttpServletRequest.getSession();
// Extend session timeout to 30 minutes (1800 seconds)
session.setMaxInactiveInterval(1800);
Please note that modifying these configurations should be done carefully and according to your specific requirements, as they can impact the security and performance of your AEM instance. Always test changes in a development or staging environment before applying them to production.
Thanks!
Views
Replies
Total Likes
Thanks @HrishikeshKa for such a detailed explanation. Gave me good insights.
1 .Session Timeout:
In felix console for chaning the session timeout in the org.apache.sling.engine.impl.SlingMainServlet OSGi configuration,
searching SlingMainServlet in /system/console/configMgr,it does not show up anything, is SlingMainServlet realted to 'Apache Felix Jetty Based Http Service' /system/console/configMgr/org.apache.felix.http session time property.
2. JWT:-
To add extra custom properties in payload .How can we do in Adobe IMS (Identity Management Service), do you have any links that give more insight
Thanks,
Srinivas
Views
Replies
Total Likes
Hi @Srinivas_Opti ,
Session Timeout:
JWT and Adobe IMS:
For both of these tasks, consulting official documentation from Adobe and possibly seeking support from their technical resources can provide the most accurate and reliable guidance.
Views
Replies
Total Likes
Adobe have advised that JWT based token credential approach will be deprecated in Jan 2025 and no longer supported as they are moving to OAuth.
Given the non use of JWT tokens, how is session management then best managed in AEM CS? Are sessions then managed and stored in other session management tools?
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies