I have a site where a user logs in and the request object is authenticated, i can also see that the user is authenticated by checking the CQ_Analytics object and checking the user profile data to see that isLoggedIn is true.
If the user closes their browser and navigates back to the site, the request is now unauthenticated, but, the CQ_Analytics object still recognizes the user as logged in.
How can i persist the login on the request so that the user stays logged in until they logout, or clear their cookies?
Views
Replies
Total Likes
Please check how the cookie is handled in your application. Its seems that on browser close the cookie getting invalidated somehow and thus this problem
Views
Replies
Total Likes
It's just using the standard AEM login by posting to j_security_check. We don't have anything custom in the login what so ever.
Views
Replies
Total Likes
Understood, what I know of j_security_check is that it should be doing session management with cookie by default. Could you please look when your user is logging in is some cookie is created and stored and if yes then, after restarting the browser if the cookie is still present or not?
Views
Replies
Total Likes
Sorry for the late reply here. A cookie is created "login-token" but it's a session cookie, so when the browser closes out, the cookie also goes bye bye. I need to change this to keep the cookie.
Views
Replies
Total Likes
I believe that Justin covered this at ATE on AEM Secure Sites. http://scottsdigitalcommunity.blogspot.ca/2015/02/creating-custom-authentication-handlers.html
See the article - and the link to ATE is at the start of the article - in the table.
Views
Replies
Total Likes
Thanks Sam. The code in there is actually pretty much what I have, and that too does not persist the login after the browser is closed.
Views
Replies
Total Likes
This is still an issue and DayCare thus far have been unable to assist.
One thing I noticed is that the login-token cookie generated by AEM is for session only. I looked through the OSGI configuration console for things like "token", "login" and "authentication" to try to find a configuration where i could change this but was not successful. Is there such a thing?
Views
Replies
Total Likes
If you have already lodged a day care ticket please post the solution here and close this ticket.
Thanks
Tuhin
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies