Calling "/system/sling/logout" clears jackrabbit repo token, which can be validated in "/system/console/tokenmgr". But what is the way to implement this programmatically, without calling the redirect to "/system/sling/logout", since I need to do more processing, namely redirect the user to the proper page after logging out.
Tried injecting org.apache.sling.api.auth.Authenticator and calling logout - that did not drop CRX login token. Also tried calling javax.jcr.Session.logout() - this did not clear repo token either.
Thanks in advance!
Solved! Go to Solution.
Views
Replies
Total Likes
Hi,
You can do logout similar to
@Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL) private volatile Authenticator authenticator; doLogout(){ // Logout AEM session removeAllSessionCookies(request, response); final org.apache.sling.api.auth.Authenticator currentThreadAuthenticator = this.authenticator; if (currentThreadAuthenticator != null) { String postLogoutRedirectUrl = /custom-logout-page.html; org.apache.sling.auth.core.AuthUtil.setLoginResourceAttribute(request, postLogoutRedirectUrl); currentThreadAuthenticator.logout(request, response); } }
The above code is just for reference, you have to handle errors if you is it for production
@parabellumium have you tried resource query parameter which will redirect to target page after performing login/logout functionality. It works for both login and logout pages.
{aemdomain}/system/sling/logout.html?resource=/abcd.html
@parabellumium
Cookies play a important role to maintain the login session. So in case for AEM ( Author or Publisher) you can simply remove the "login-token" which makes user logout.
Hi,
You can do logout similar to
@Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL) private volatile Authenticator authenticator; doLogout(){ // Logout AEM session removeAllSessionCookies(request, response); final org.apache.sling.api.auth.Authenticator currentThreadAuthenticator = this.authenticator; if (currentThreadAuthenticator != null) { String postLogoutRedirectUrl = /custom-logout-page.html; org.apache.sling.auth.core.AuthUtil.setLoginResourceAttribute(request, postLogoutRedirectUrl); currentThreadAuthenticator.logout(request, response); } }
The above code is just for reference, you have to handle errors if you is it for production