Adobe Experience Manager Sites & More

NageshRaja · 9/12/25

Here's my error log stack -

12.09.2025 13:40:26.338 *ERROR* [qtp698919058-316] org.apache.felix.http Exception while processing request to /libs/granite/core/content/login.html
java.lang.IllegalArgumentException: Invalid token ''

at org.apache.jackrabbit.api.security.authentication.token.TokenCredentials.<init>(TokenCredentials.java:48) [org.apache.jackrabbit.oak-jackrabbit-api:1.76.0]
at com.day.crx.security.token.impl.TokenAuthenticationHandler.createCredentials(TokenAuthenticationHandler.java:798) [com.day.crx.sling.crx-auth-token:2.8.0]

12.09.2025 13:50:04.780 *ERROR* [qtp1342307156-69] org.apache.felix.http Exception while processing request to /favicon.ico
java.lang.IllegalArgumentException: Invalid token ''
at org.apache.jackrabbit.api.security.authentication.token.TokenCredentials.<init>(TokenCredentials.java:48) [org.apache.jackrabbit.oak-jackrabbit-api:1.76.0]
at com.day.crx.security.token.impl.TokenAuthenticationHandler.createCredentials(TokenAuthenticationHandler.java:798) [com.day.crx.sling.crx-auth-token:2.8.0]

Any help would be appreciated!

BR,

Nagesh

NageshRaja · 9/15/25

Thanks @SantoshSai, I am not actually setting any cookie manually - The setup worked previously but then suddenly stopped working - I ended up resetting my local post which the error didn't re-occur. I will update if I am able to re-create the scenario when this error re-occurs! Thanks!

View solution in original post

Shiv_Prakash_Patel · 9/12/25

Hi @NageshRaja ,

Based on the logs you shared. AEM’s token authentication handler is receiving an empty token (e.g., empty login-token cookie or header) during requests like /login.html or /favicon.ico. That causes TokenCredentials to throw Invalid token.

The solution approach is provided below.

Serve favicon.ico and other static assets from dispatcher or web server instead of AEM.
Fix logout or SSO flow so that the login-token cookie is properly expired rather than set to a blank value. Example:
Set-Cookie: login-token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
If you are not using token authentication, disable the CRX Token Authentication Handler through OSGi configuration.
1. Go to http://host:port/system/console/configMgr
2. Search for CRX Token Authentication Handler (PID similar to com.day.crx.sling.crx-auth-token or com.day.crx.security.token.impl.TokenAuthenticationHandler)
3. In the configuration, clear the value of the property "path" (leave it empty) and save. This disables the handler.
Optionally, at dispatcher or reverse proxy level, strip any empty login-token cookies before forwarding requests to AEM.

Shiv Prakash

NageshRaja · 9/15/25

Hi @Shiv_Prakash_Patel, I ended up resetting my local as a quick workaround.

The weird thing is the issue was not occurring previously. I don't use Dispatcher just my local AEM author instance for local dev.

SantoshSai · 9/12/25

Hi @NageshRaja,

In addition to @Shiv_Prakash_Patel Verify: In DevTools/HAR, check Cookie: header for login-token= with no value.

See if this helps:

Logout/SSO: Don’t set a blank cookie - expire it instead:
Set-Cookie: login-token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
Static files: Serve favicon.ico (and other static assets) from Dispatcher/web server, not AEM.
Not using token auth? In OSGi ConfigMgr → Adobe Granite Token Authentication Handler, remove path bindings/disable it.
Edge guard (optional): At proxy/Dispatcher, strip empty login-token cookies before forwarding to AEM.

Santosh Sai

NageshRaja · 9/15/25

Thanks @SantoshSai, I am not actually setting any cookie manually - The setup worked previously but then suddenly stopped working - I ended up resetting my local post which the error didn't re-occur. I will update if I am able to re-create the scenario when this error re-occurs! Thanks!

Adobe Experience Manager Sites & More

Local AEM Error - HTTP ERROR 500 Server Error

Santosh Sai

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe