How to close user session after 30 minutes of inactivity In AEM 6.1

AEM is REST based, does not have the concept of session which makes every request atomic.  For accessing protected resources at time of successful login, Token authentication handler would issue a login-token cookie and subsequent authentication is based on login-token cookie. With this for all request credentials are not requested till expiry of cookie. Steps to configure the timeout for login-token is

• AEM 5.6.1 or below follow https://forums.adobe.com/thread/1035785
• AEM 6+  configure tokenExpiration at http://<host>:<port>/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl
•  Also make sure to set Token Length otherwise will throw exception "org.eclipse.jetty.servlet.ServletHandler / java.lang.IllegalArgumentException: Invalid token ''"

 

• More details on AEM6+ refer http://jackrabbit.apache.org/oak/docs/security/authentication/tokenmanagement.html