Persisting User Login/Session

Level 8

I have a site where a user logs in and the request object is authenticated. I can also see that the user is authenticated by checking the CQ_Analytics object and checking the user profile data to see that isLoggedIn is true.

If the user closes their browser and navigates back to the site, the request is now unauthenticated, but the CQ_Analytics object still recognizes the user as logged in.

How can I persist the login on the request so that the user stays logged in until they log out or clear their cookies?

8 Replies

Level 7

Please check how the cookie is handled in your application. It seems that on browser close the cookie is getting invalidated somehow, and thus this problem.

Level 8

It's just using the standard AEM login by posting to j_security_check. We don't have anything custom in the login whatsoever.

Level 7

Understood. What I know of j_security_check is that it should be doing session management with a cookie by default. Could you please check whether a cookie is created and stored when your user logs in and, if so, whether the cookie is still present after restarting the browser?

Level 8

Sorry for the late reply here. A cookie is created, "login-token", but it's a session cookie, so when the browser closes out, the cookie also goes bye bye. I need to change this to keep the cookie.
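
The check discussed above (is `login-token` a session cookie that disappears when the browser closes?) comes down to whether the `Set-Cookie` header carries `Max-Age` or `Expires`. The following is an added example, not part of the thread or of AEM; the header values are constructed, and it also reports `HttpOnly` and `Secure`, which matter more once an authentication token outlives the browser session.

```python
# Added example: classify Set-Cookie headers as session or persistent cookies.
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers (not captured from a real AEM instance).
SAMPLE_HEADERS = [
    "login-token=CONSTRUCTED-VALUE; Path=/; HttpOnly",
    "login-token=CONSTRUCTED-VALUE; Path=/; Max-Age=1209600; HttpOnly; Secure",
    "prefs=abc; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
]
NOW = datetime(2024, 12, 31, tzinfo=timezone.utc)  # fixed clock for repeatable output


def parse_set_cookie(header):
    """Return (name, attrs) with attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs


def lifetime(attrs, now):
    """Return seconds until expiry, or None for a session cookie.

    Max-Age wins over Expires (RFC 6265); unparsable values are ignored.
    """
    if re.fullmatch(r"-?[0-9]+", attrs.get("max-age", "")):
        return int(attrs["max-age"])
    try:
        expires = parsedate_to_datetime(attrs["expires"])
    except (KeyError, TypeError, ValueError):
        return None  # no usable Max-Age or Expires: cookie dies with the browser
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    return int((expires - now).total_seconds())


def audit(headers, now=NOW):
    """One finding per header: name, lifetime and security attributes."""
    return [
        {"name": name, "seconds": lifetime(attrs, now),
         "httponly": "httponly" in attrs, "secure": "secure" in attrs}
        for name, attrs in map(parse_set_cookie, headers)
    ]


if __name__ == "__main__":
    for f in audit(SAMPLE_HEADERS):
        kind = "session" if f["seconds"] is None else f"persistent ({f['seconds']}s)"
        print(f"{f['name']}: {kind}, HttpOnly={f['httponly']}, Secure={f['secure']}")
```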

Level 10

I believe that Justin covered this at ATE on AEM Secure Sites. http://scottsdigitalcommunity.blogspot.ca/2015/02/creating-custom-authentication-handlers.html

See the article - and the link to ATE is at the start of the article - in the table. 

Level 8

Thanks Sam. The code in there is actually pretty much what I have, and that too does not persist the login after the browser is closed.

Level 8

This is still an issue and DayCare thus far have been unable to assist.

One thing I noticed is that the login-token cookie generated by AEM is for session only. I looked through the OSGi configuration console for things like "token", "login" and "authentication" to try to find a configuration where I could change this but was not successful. Is there such a thing?

Level 7

If you have already lodged a day care ticket please post the solution here and close this ticket.

 

Thanks

Tuhin