Handle Session Timeout - AEM war in Tomcat

Question

Hi All,In our application development we are using AEM deployed as an war in tomcat 8. Now there is an requirement to implement session timeout. The detail use case is as belowRequirement: the application should redirect to Login page if the session timeout reaches 30min. Session timeout will be updated in web.xmlNeed inputs on how to implement the above requirement. Few questions are below1) Is AEM contains HTTPSession as it is deployed in tomcat? if so how to handle the HTTPSession in AEM as by default AEM dosent maintain HTTPSession2) Do we need to write any Custom Authentcator hadler to check the session time out? if so how to retrieve session timeout value updated in web.xml in custom handler

joerghoh · Accepted Answer

Hi,The fact, that a user has logged in successfully, isn't stored inside a http session, but rather as token inside the repository. Therefor the lifetime of a http session doesn't have any influence. You rather need to configure the lifetime on the token itself. You can do this at [1].To your questions:1) You can use http sessions, but you don't have to. It's highly recommended to avoid server-side state.2) You don't need to.kind regards,Jörg[1] http://localhost:4502/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl

AEM48647622 · Answer

Thanks jorg hoh I got the understanding now. But one more question is if we need to redirect to our own login page instead if aem default login page when the session is timed out .how to achieve .

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded