Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
SOLVED

Method call in addition to session logout in AEM

Avatar

Level 5

Requirement

Implementing session management

Session duration is 30 mins

After 30 mins, user session should be terminated and local data stored should be deleted.

For the logout functionality, I've written a separate servlet that will be triggered on click on 'Logout' button. It will delete all the local user data stored in AEM.

Now, my requirement is that if the user does not click on logout button and leave the session idle, session needs to logout after 30 mins automatically along with user data deletion. For the later part to happen, I need to call the method written in the servlet. How can I implement this?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @goyalkritika ,

You can make use of Oak login token session expiration.

 

The steps to do that can be found in the below link

How to set the Oak login token session expiration | Adobe Experience Cloud


View solution in original post

7 Replies

Avatar

Community Advisor

Hello @goyalkritika - 

 

You can follow below implementation approach : 

 

  1. Use JavaScript to detect user activity or inactivity on the client-side. You can listen for mouse movements, keyboard events, or any other user interactions to determine if the user is active or idle.

  2. When the user becomes inactive, start a timer using JavaScript's setTimeout() function. Set the timer to 30 minutes.

  3. In the timer callback function, make an AJAX request to your logout servlet or the desired endpoint to trigger the deletion of local user data in AEM.

  4. Additionally, If the user becomes active again before the timer expires, cancel the timer using JavaScript's clearTimeout function. You can listen for user activity events and cancel the timer whenever activity is detected.

Avatar

Level 5

The duration of session does not depend on the user activeness or inactiveness. There is a fix 30 mins window for one session. 

My concern is how can I make a call to a method to delete the user data just after I'm logging out the user session at AEM end using Java.

Avatar

Community Advisor

@goyalkritika  - 

 

 

var inactivityTimer;

function resetTimer() {
  clearTimeout(inactivityTimer);
  inactivityTimer = setTimeout(logoutAndDeleteUserData, 30 * 60 * 1000); // 30 minutes
}

function logoutAndDeleteUserData() {
  // Make an AJAX call to your servlet endpoint for logout and data deletion
  // Example:
  // $.post('/path/to/your/servlet', function(data) {
  //   // Handle the response
  // });
  window.location.href = '/path/to/your/logout/page'; // Redirect the user to a logout page
}

// Start the initial timer when the page loads
resetTimer();

 

Have you tried doing something like this? 

Avatar

Level 5

I have written a session logout API. And since user data deletion is a reusable task, I've created a method out of that. 

The session management logic is part of another API. And I need to call the user data deletion method in this API. There is no DOM activity that I need to perform. That is being taken care by the frontend. I need to send the right response and rendering & redirection will be taken care by frontend team.

 

What I'm thinking of termination the session is something like this - 

 

HttpSession session = request.getSession();
session.setMaxInactiveInterval(30 * 60);

After this I'm not sure how to call that method so that I can delete the locally stored user data as well.

Avatar

Correct answer by
Community Advisor

Hi @goyalkritika ,

You can make use of Oak login token session expiration.

 

The steps to do that can be found in the below link

How to set the Oak login token session expiration | Adobe Experience Cloud


Avatar

Level 1

That helps to specify when a session should be expired, but what about triggering an action when a session is going to expire? Something similar to what the HttpSessionListener interface does? Is there something in AEM we can use to trigger an action when a session or a token is going to expire? 

 

I haven't been able to find a way to emulate this type of behavior.