Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.
Learn More
SOLVED

Handle Session Timeout - AEM war in Tomcat

Avatar

Level 1
Level 1
3/8/16 9:17:34 AM

Hi All,

In our application development we are using AEM deployed as an war in tomcat 8. Now there is an requirement to implement session timeout. The detail use case is as below

Requirement: the application should redirect to Login page if the session timeout reaches 30min. Session timeout will be updated in web.xml

Need inputs on how to implement the above requirement. Few questions are below

1) Is AEM contains HTTPSession as it is deployed in tomcat? if so how to handle the HTTPSession in AEM as by default AEM dosent maintain HTTPSession

2) Do we need to write any Custom Authentcator hadler to check the session time out? if so how to retrieve session timeout value updated in web.xml in custom handler

Views

1.2K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
3/8/16 1:17:53 PM

Hi,

The fact, that a user has logged in successfully, isn't stored inside a http session, but rather as token inside the repository. Therefor the lifetime of a http session doesn't have any influence. You rather need to configure the lifetime on the token itself. You can do this at [1].

To your questions:

1) You can use http sessions, but you don't have to. It's highly recommended to avoid server-side state.

2) You don't need to.

kind regards,
Jörg

 

[1] http://localhost:4502/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.tok...

View solution in original post

Views

832

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
3/8/16 1:17:53 PM

Hi,

The fact, that a user has logged in successfully, isn't stored inside a http session, but rather as token inside the repository. Therefor the lifetime of a http session doesn't have any influence. You rather need to configure the lifetime on the token itself. You can do this at [1].

To your questions:

1) You can use http sessions, but you don't have to. It's highly recommended to avoid server-side state.

2) You don't need to.

kind regards,
Jörg

 

[1] http://localhost:4502/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.tok...

Views

833

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
3/8/16 5:42:43 PM
        Thanks jorg hoh I got the understanding now. But one more question is if we need to redirect to our own login page instead if aem default login page when the session is timed out .how to achieve .

Views

728

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
How to fetch multifield item's content from the below JSON in junits Solved

Views

101

Likes

0

Replies

3
How to access aem API for outside user . Solved

Views

127

Likes

0

Replies

3
Is it possible to have an optional variable in a Content Fragment GraphQL query

Views

30

Likes

0

Replies

0
consuming content headless aem 6.5 oauth or token authentication

Views

45

Likes

0

Replies

1
Asset properties References is empty in AEM 6.5.20.

Views

52

Likes

0

Replies

2