Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

How to manage user (client) session in Adobe EM 6.1

Avatar

Level 2

Hi all,

I'm new in Adobe EM and I'd really appreciate some help. I would like to know how Adobe EM manages the user sessions...

I have a site with several pages. I was able to validate user credentials against the repository (login process) but I don't know how to manage this between the different pages because currently when I navigate to another page I lose my credentials. I need to know this because I would also like to add a shopping cart so navigation between pages doesn't lose the user credentials and the products selected by the client.

Any ideas? Is there any documentation I can check?

Thanks in advance for your help!

Best regards.

5 Replies

Avatar

Level 9

Have you explored Sling authentication document?.

https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authentication...

In short, AEM creates a token and store it at the user level (.token node under /home/user/admin/.token). And, for each subsequent request keeps this token information.

---Jitendra

Avatar

Level 10

There are multiple ways to handle the same like you can manage by creating a sessionId or cookie when user is authenticated. check for the same in all the pages and get the details.

However, AEM should be used mainly as stateless application. You can manage the sessions and order management in an external java application and integrate it with AEM to manage the session better and effectively !

Hi Lokesh,

Do you have any examples of this type of integration and how it would work?

Avatar

Level 10

See this Ask the AEM Community Experts webinar on this subject:

https://helpx.adobe.com/experience-manager/using/secure_sites.html

Link to the webinar at the start of article in the table.

Avatar

Level 2

Hi all,

thanks for your answers but I'm still lost :( Let me try to explain my doubt in more detail.

1) As I told you I was able to do the user login (custom login) using a Java servlet in the following way:

protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServerException, IOException 

    {

        ResourceResolver rs = request.getResourceResolver();
        Session s = rs.adaptTo(Session.class);
        String user = request.getParameter("username");
        String password = request.getParameter("password");
               
        //check if the user exists
        UserManager userManager = rs.adaptTo(UserManager.class);
        try
        {
            Authorizable auth = userManager.getAuthorizable(user);
            if (auth != null)
            {
                //credentials validation
                Repository repo = s.getRepository();
                SimpleCredentials credentials = new SimpleCredentials(user, password.toCharArray());
                
                try 
                {        
                      Session session = repo.login(credentials);

 

2) Previous code works (I'm calling it from my jsp using ajax) but as I'm trying to do a shop I also need to manage shopping cart and orders information. I've seen the 'CommerceSession' and 'CommerceService' in Adobe documentation but, to be honest, I don't  know how to relate both with the login process. I mean, how the CommerceSession can know that the user which is "shopping" is the one previously validated in login process?

Any idea, documentation, course? Maybe I'm doing this too complex? What am I missing? Thanks in advance for your help!

Best regards.