Expand my Community achievements bar.

SOLVED

Handle Session Timeout - AEM war in Tomcat

Avatar

Level 1
Level 1
3/8/16 9:17:34 AM

Hi All,

In our application development we are using AEM deployed as an war in tomcat 8. Now there is an requirement to implement session timeout. The detail use case is as below

Requirement: the application should redirect to Login page if the session timeout reaches 30min. Session timeout will be updated in web.xml

Need inputs on how to implement the above requirement. Few questions are below

1) Is AEM contains HTTPSession as it is deployed in tomcat? if so how to handle the HTTPSession in AEM as by default AEM dosent maintain HTTPSession

2) Do we need to write any Custom Authentcator hadler to check the session time out? if so how to retrieve session timeout value updated in web.xml in custom handler

Views

1.3K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
3/8/16 1:17:53 PM

Hi,

The fact, that a user has logged in successfully, isn't stored inside a http session, but rather as token inside the repository. Therefor the lifetime of a http session doesn't have any influence. You rather need to configure the lifetime on the token itself. You can do this at [1].

To your questions:

1) You can use http sessions, but you don't have to. It's highly recommended to avoid server-side state.

2) You don't need to.

kind regards,
Jörg

 

[1] http://localhost:4502/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.tok...

View solution in original post

Views

926

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
3/8/16 1:17:53 PM

Hi,

The fact, that a user has logged in successfully, isn't stored inside a http session, but rather as token inside the repository. Therefor the lifetime of a http session doesn't have any influence. You rather need to configure the lifetime on the token itself. You can do this at [1].

To your questions:

1) You can use http sessions, but you don't have to. It's highly recommended to avoid server-side state.

2) You don't need to.

kind regards,
Jörg

 

[1] http://localhost:4502/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.tok...

Views

927

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
3/8/16 5:42:43 PM
        Thanks jorg hoh I got the understanding now. But one more question is if we need to redirect to our own login page instead if aem default login page when the session is timed out .how to achieve .

Views

822

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM headless architecture Solved

Views

122

Likes

0

Replies

4
The dynamic table previews correctly in HTML, but when converted to PDF, the page is cut off.

Views

91

Likes

0

Replies

3
How to Render the different version of Header for Specific Pages Using Experience Fragments in AEM?

Views

137

Likes

0

Replies

3
Best Site Search Engine with AEM

Views

124

Likes

0

Replies

5
Sitecore to AEM cloud migration reference implementation

Views

82

Likes

0

Replies

1