Adobe Experience Manager Sites & More

Permalink · 10/15/15

Hey guys,

Is it advisable to utilize CQ's user session management to handle public login users ? We have a external authentication mechanism, but there is no session handling involved in the authentication. I'm thinking of using CQ's inbuilt functionalities to handle user session. I'm estimating about max 5000 concurrent users across a stickied 4 publisher environment. Would it work ? is it best to write a custom session handler ?

Thanks !

kalyanar · 10/15/15

Are you talking about HTTPSession or just user session? In CQ, this is done client side via cookies. Typically, we use a separate IDP and use protocols like SAML and not store creds in CQ. This is scalable for any number of users.

View solution in original post

kalyanar · 10/15/15

Are you talking about HTTPSession or just user session? In CQ, this is done client side via cookies. Typically, we use a separate IDP and use protocols like SAML and not store creds in CQ. This is scalable for any number of users.

Permalink · 10/15/15

Yup i'm talking about the HTTPsession, we have a external IDP which only does the authentication(sending a userID/password, returns if true/false authenticated) afterwhich we will have to maintain the session with the server. We thinking of using com.adobe.granite.security.user.UserProperties for user sessions, however the implication of that is that for every new unique user authenticated from the IDP, we will have to create a CQ user in order to use the com.adobe.granite.security.user.UserProperties.

We're looking aprox 1 mil unique cq users and aprox 5000 concurrent users utilizing the http session within CQ across 4 publisher, do you think it will hold ? or should we externalize the session handling ?

Thanks !

Adobe Experience Manager Sites & More

CQ User Session for public login (aprox 1mil users)

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe