Adobe Experience Manager Sites & More

Murali89 · 10/15/15

How to handle a user specific session in AEM, Is it fine to use HTTP Session so that i can store some attributes of user using session.setattribute method. Or is there any other way to handle user specific sessions in AEM?

Opkar_Gill · 10/15/15

Hi Murali,

As AEM is built on REST principles, the product does not maintain session state between requests. However, there is nothing stopping you using a session from CQSE/Jetty. Another option would be to store this in a cookie, but some clients don't approve of this approach.

If you have more than one instance that is running your code, then the session will not be replicated across the instances, so you would have to maintain a sticky connection.

The requirement for maintaining session data often comes from multi page forms, and an approach to this would be to create a single page app.

What is your use case?

Regards,

Opkar

View solution in original post

Opkar_Gill · 10/15/15

Hi Murali,

As AEM is built on REST principles, the product does not maintain session state between requests. However, there is nothing stopping you using a session from CQSE/Jetty. Another option would be to store this in a cookie, but some clients don't approve of this approach.

If you have more than one instance that is running your code, then the session will not be replicated across the instances, so you would have to maintain a sticky connection.

The requirement for maintaining session data often comes from multi page forms, and an approach to this would be to create a single page app.

What is your use case?

Regards,

Opkar

Murali89 · 10/15/15

We have a login page where the user will login, Once he logs in we will redirect him to a shopping page. Whatever things he adds it to his cart we will have to hold that information in session when he navigates to any other page before he logs out. is it fine if i use HTTP session?? Any suggestions for this??

Opkar_Gill · 10/15/15

Hi,

if you look at the way Commerce Framework in AEM works with Hybris [1], you will notice the session information is stored in the commerce engine, a session ID cookie corresponding to the session is stored in AEM.

What commerce engine are you using?

You could use an http session, but be aware of the limitations.

Regards,

Opkar

[1] https://docs.adobe.com/docs/en/aem/6-0/develop/ecommerce/hybris.html#Session Handling

Murali89 · 10/15/15

Thanks for the quick response opkar, Details and some more questions as below.

We are using hybris, lets assume hybris returns a session id ( or OAUTH Token), Should AEM persist this token in aem and then clean it up once user logs out? Also should we be handling this OAUTH token using HTTP session? If we have to persist that token in AEM is there any example available?

To keep my question simple How do we handle the session id (or OAUTH Token) in AEM for a particular user session.

Opkar_Gill · 10/15/15

Hi,

the documentation only has examples of the session id being stored as a cookie in the users browser. I haven't come across examples of it being stored in AEM (nothing stopping you doing this). Is there any reason you would not want to use a cookie and are looking at storing it in AEM?

If you are using AEM and Hybris then it makes sense to use the AEM eCommerce framework and the approach it implements[1], unless of course there is a specific use case it does not cover.

Regards,

Opkar

https://docs.adobe.com/docs/en/aem/6-1/administer/ecommerce.html#The Framework

smacdonald2008 · 10/15/15

When working in AEM - you use a javax.jcr.Session using the Sling getServiceResourceResolver method:

//Invoke the adaptTo method to create a Session
resolver = resolverFactory.getServiceResourceResolver(param);
session = resolver.adaptTo(Session.class);

See this community article as an example:

https://helpx.adobe.com/experience-manager/using/querying-experience-manager-sling.html