Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

AEM Session Timeout Extension

Avatar

Level 3

Hi Friends,

 

please help understand how we can detect the user session expiration programmatically and show alert box whether to continue or end the login user session?

do we have any AEM OOTB feature to do this?

Any thoughts would be appreciated.

 

Ravi 

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

1. Here you could see I have created 3 users in LDAP apache directory studio -

DEBAL_DAS_0-1641724295055.png

2. I have synchronized these apache DS users and imported to AEM -

DEBAL_DAS_1-1641724427539.png

 

DEBAL_DAS_2-1641724573258.png

3. I have captured all these information in ldap.log file (configured in AEM) , even authentication part also -

DEBAL_DAS_3-1641724682252.png

4. You could see I have logged in as "debalarchitect" -

DEBAL_DAS_5-1641725056814.png

 

5. Finally getting logged out and requested to login again if the session remains inactive for 30 mins -

DEBAL_DAS_4-1641724929463.png

 

Hope this will help. I have integrated AEM 6.5.9 with Apache Directory Studio 2.0.0-M14

View solution in original post

8 Replies

Avatar

Employee Advisor

In AEM , we do have following OOTB configuration - Apache jackrabbit oak TokenConfiguration and it has Token Refresh option as shown below -

 

DEBAL_DAS_0-1641118863642.png

 

Intentionally I have reduced the token expiration time to 30 min (1800000 ms) here.

Note: The default token expiration time for AEM is 43200000 ms (12 hours). Please restart your AEM instance if you make any changes to Apache jackrabbit oak TokenConfiguration.

 

After setting the token refresh option if you notice login refresh isn't working then please refer following link : https://helpx.adobe.com/experience-manager/kb/login-session-refresh-not-working.html.

 

Though I didn't  get alert box to continue but I am able to continue after 30 min also. 

 

Hope this will help.

 

Thank

Avatar

Level 3

Thanks for your inputs.

I have the same settings for my AEM instance as well.

The problem here is that I am not navigated to login screen post session remains inactive for 30 mins and if I do any operation on the screen. it just errors out, which is for sure because of that session has expired.

Hence, I wanted to create a customized coral UI that increases the expiration time based on the user's wish(either continue or end the session).

By the way, 

Are you logged out and requested to login again if the session remains inactive for 30 mins? Have you tried this?

 

please note : I have SSO enabled with LDAP.

Avatar

Employee Advisor

I am getting below popup on my local AEM instance if I remain inactive for 30 mins -

 

DEBAL_DAS_0-1641204278745.png

Then click on 'OK' , getting logout and redirected to login screen.

Avatar

Level 3

I think that there is sso enabled with my aem application. Hence I don't get the same pop up.

Any thoughts if sso enabled, how we can enforce the user to login again or refresh the page to sync with Identity provider(SSO enabled) just as we reach session expiration.

 

 

Avatar

Correct answer by
Employee Advisor

1. Here you could see I have created 3 users in LDAP apache directory studio -

DEBAL_DAS_0-1641724295055.png

2. I have synchronized these apache DS users and imported to AEM -

DEBAL_DAS_1-1641724427539.png

 

DEBAL_DAS_2-1641724573258.png

3. I have captured all these information in ldap.log file (configured in AEM) , even authentication part also -

DEBAL_DAS_3-1641724682252.png

4. You could see I have logged in as "debalarchitect" -

DEBAL_DAS_5-1641725056814.png

 

5. Finally getting logged out and requested to login again if the session remains inactive for 30 mins -

DEBAL_DAS_4-1641724929463.png

 

Hope this will help. I have integrated AEM 6.5.9 with Apache Directory Studio 2.0.0-M14

Avatar

Level 1

Hi @DEBAL_DAS 

This seems to be working but it is logging me out for active session also after the time which I have configured is passed.

 

Do I have to do any setting specifically for "inactive" case.

 

Thanks in advance !!

Avatar

Employee Advisor

I didn't do any configuration specifically for inactive case when I did this exercise.

 

Please refer this blog post: https://medium.com/@debal.india2014/how-to-deal-with-oak-login-token-session-expiration-and-token-re...