Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Logout functionality in Publish

Avatar

Level 1

Calling "/system/sling/logout" clears jackrabbit repo token, which can be validated in "/system/console/tokenmgr". But what is the way to implement this programmatically, without calling the redirect to "/system/sling/logout", since I need to do more processing, namely redirect the user to the proper page after logging out.

Tried injecting org.apache.sling.api.auth.Authenticator and calling logout - that did not drop CRX login token. Also tried calling javax.jcr.Session.logout() - this did not clear repo token either.

 

Thanks in advance!

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi,

You can do logout similar to

@Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
  private volatile Authenticator authenticator;

doLogout(){
// Logout AEM session
      removeAllSessionCookies(request, response);
      final org.apache.sling.api.auth.Authenticator currentThreadAuthenticator = this.authenticator;
      if (currentThreadAuthenticator != null) {
        String postLogoutRedirectUrl = /custom-logout-page.html;
          org.apache.sling.auth.core.AuthUtil.setLoginResourceAttribute(request, postLogoutRedirectUrl);
          currentThreadAuthenticator.logout(request, response);
      }
}

The above code is just for reference, you have to handle errors if you is it for production

View solution in original post

3 Replies

Avatar

Community Advisor

@parabellumium have you tried resource query parameter which will redirect to target page after performing login/logout functionality. It works for both login and logout pages.

 

{aemdomain}/system/sling/logout.html?resource=/abcd.html

Avatar

Community Advisor

@parabellumium 

Cookies play a important role to maintain the login session. So in case for AEM ( Author or Publisher) you can simply remove the "login-token" which makes user logout.

Avatar

Correct answer by
Community Advisor

Hi,

You can do logout similar to

@Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
  private volatile Authenticator authenticator;

doLogout(){
// Logout AEM session
      removeAllSessionCookies(request, response);
      final org.apache.sling.api.auth.Authenticator currentThreadAuthenticator = this.authenticator;
      if (currentThreadAuthenticator != null) {
        String postLogoutRedirectUrl = /custom-logout-page.html;
          org.apache.sling.auth.core.AuthUtil.setLoginResourceAttribute(request, postLogoutRedirectUrl);
          currentThreadAuthenticator.logout(request, response);
      }
}

The above code is just for reference, you have to handle errors if you is it for production