Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

Logout functionality in Publish

Avatar

Level 1

Calling "/system/sling/logout" clears jackrabbit repo token, which can be validated in "/system/console/tokenmgr". But what is the way to implement this programmatically, without calling the redirect to "/system/sling/logout", since I need to do more processing, namely redirect the user to the proper page after logging out.

Tried injecting org.apache.sling.api.auth.Authenticator and calling logout - that did not drop CRX login token. Also tried calling javax.jcr.Session.logout() - this did not clear repo token either.

 

Thanks in advance!

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi,

You can do logout similar to

@Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
  private volatile Authenticator authenticator;

doLogout(){
// Logout AEM session
      removeAllSessionCookies(request, response);
      final org.apache.sling.api.auth.Authenticator currentThreadAuthenticator = this.authenticator;
      if (currentThreadAuthenticator != null) {
        String postLogoutRedirectUrl = /custom-logout-page.html;
          org.apache.sling.auth.core.AuthUtil.setLoginResourceAttribute(request, postLogoutRedirectUrl);
          currentThreadAuthenticator.logout(request, response);
      }
}

The above code is just for reference, you have to handle errors if you is it for production



Arun Patidar

View solution in original post

3 Replies

Avatar

Community Advisor

@parabellumium have you tried resource query parameter which will redirect to target page after performing login/logout functionality. It works for both login and logout pages.

 

{aemdomain}/system/sling/logout.html?resource=/abcd.html

Avatar

Community Advisor

@parabellumium 

Cookies play a important role to maintain the login session. So in case for AEM ( Author or Publisher) you can simply remove the "login-token" which makes user logout.

Avatar

Correct answer by
Community Advisor

Hi,

You can do logout similar to

@Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
  private volatile Authenticator authenticator;

doLogout(){
// Logout AEM session
      removeAllSessionCookies(request, response);
      final org.apache.sling.api.auth.Authenticator currentThreadAuthenticator = this.authenticator;
      if (currentThreadAuthenticator != null) {
        String postLogoutRedirectUrl = /custom-logout-page.html;
          org.apache.sling.auth.core.AuthUtil.setLoginResourceAttribute(request, postLogoutRedirectUrl);
          currentThreadAuthenticator.logout(request, response);
      }
}

The above code is just for reference, you have to handle errors if you is it for production



Arun Patidar