Submissions are now open for the 2026 Adobe Experience Maker Awards.
Local AEM Error - HTTP ERROR 500 Server Error
Hi @NageshRaja ,
Based on the logs you shared. AEM’s token authentication handler is receiving an empty token (e.g., empty login-token cookie or header) during requests like /login.html or /favicon.ico. That causes TokenCredentials to throw Invalid token.
The solution approach is provided below.
- Serve favicon.ico and other static assets from dispatcher or web server instead of AEM.
- Fix logout or SSO flow so that the login-token cookie is properly expired rather than set to a blank value. Example:
Set-Cookie: login-token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure - If you are not using token authentication, disable the CRX Token Authentication Handler through OSGi configuration.
-
Search for CRX Token Authentication Handler (PID similar to com.day.crx.sling.crx-auth-token or com.day.crx.security.token.impl.TokenAuthenticationHandler)
-
In the configuration, clear the value of the property "path" (leave it empty) and save. This disables the handler.
- Optionally, at dispatcher or reverse proxy level, strip any empty login-token cookies before forwarding requests to AEM.
Shiv Prakash
Hi @NageshRaja,
In addition to @Shiv_Prakash_Patel Verify: In DevTools/HAR, check Cookie: header for login-token= with no value.
See if this helps:
-
Logout/SSO: Don’t set a blank cookie - expire it instead:
Set-Cookie: login-token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure -
Static files: Serve favicon.ico (and other static assets) from Dispatcher/web server, not AEM.
-
Not using token auth? In OSGi ConfigMgr → Adobe Granite Token Authentication Handler, remove path bindings/disable it.
-
Edge guard (optional): At proxy/Dispatcher, strip empty login-token cookies before forwarding to AEM.
Santosh Sai
