Session signed out pop up in Author is not showing up in AEM Sites | Community
Skip to main content
Saravanan_Dharmaraj
Community Advisor
Saravanan_DharmarajCommunity Advisor
Community Advisor
March 25, 2025
Solved

Session signed out pop up in Author is not showing up in AEM Sites

  • March 25, 2025
  • 1 reply
  • 521 views

We are trying to set session timeout for the users in AEM Sites author by configuring the "Apache Jackrabbit Oak TokenConfiguration" to 15 mins(900000) for Token Expiration. 

 

After 15 mins, the token is getting expiration and forcing the user to re-authenticate by taking the user to the IDP which is good and working as expected. But we are not seeing the Session signed out pop up in AEM Sites before taking the user to IDP for authentication. 

 

 

 

We did the same token configuration in AEM Assets , there we see the session signed out pop comes up to indicate the user to re-authenticate. My question is what config determines this pop up to show up or not? Anyone knows why it behaves different between AEM Sites vs AEM Assets.

 

 

 

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by narendiran_ravi

Hi @saravanan_dharmaraj ,

 

I tested this behavior locally by manually removing the tokens from the console (/system/console/tokenmgr). The alert was triggered in both the Assets Console and the Sites Console.

 

During debugging, I found that the popup is triggered based on the following sequence:

  • In /libs/granite/ui/components/shell/clientlibs/shell.js, the updateBadge function makes a ajax request to /mnt/overlay/granite/ui/content/shell/header/actions/pulse.data.json every two seconds.

function updateBadge(el, src, resolveWhenNewData) { var user = el[0].dataset.graniteShellBadgeUser; var label = el[0].dataset.graniteShellBadgeLabelTemplate; getData(user, src, resolveWhenNewData).then(function(data) { el.attr("badge", data.total); if (label) { el.attr("aria-label", label.replace("{{count}}", data.total)); } }); }

  • If the response status is 403 Forbidden, and the header X-Reason is "Authentication Failed", the handleLoginRedirect function is triggered.

  • The handleLoginRedirect method is defined in /etc.clientlibs/clientlibs/granite/utils.js and is called from /etc.clientlibs/clientlibs/granite/jquery/granite.js.

updateBadge function continuously checks for updates, and when the session token is missing or invalid, it triggers an authentication failure, resulting in a forced login redirect.

This should help in your analysis why this behavior is occurring on your sites. Let me know if you need further insights!

1 reply

narendiran_ravi
narendiran_raviAccepted solution
Level 6
March 26, 2025

Hi @saravanan_dharmaraj ,

 

I tested this behavior locally by manually removing the tokens from the console (/system/console/tokenmgr). The alert was triggered in both the Assets Console and the Sites Console.

 

During debugging, I found that the popup is triggered based on the following sequence:

  • In /libs/granite/ui/components/shell/clientlibs/shell.js, the updateBadge function makes a ajax request to /mnt/overlay/granite/ui/content/shell/header/actions/pulse.data.json every two seconds.

function updateBadge(el, src, resolveWhenNewData) { var user = el[0].dataset.graniteShellBadgeUser; var label = el[0].dataset.graniteShellBadgeLabelTemplate; getData(user, src, resolveWhenNewData).then(function(data) { el.attr("badge", data.total); if (label) { el.attr("aria-label", label.replace("{{count}}", data.total)); } }); }

  • If the response status is 403 Forbidden, and the header X-Reason is "Authentication Failed", the handleLoginRedirect function is triggered.

  • The handleLoginRedirect method is defined in /etc.clientlibs/clientlibs/granite/utils.js and is called from /etc.clientlibs/clientlibs/granite/jquery/granite.js.

updateBadge function continuously checks for updates, and when the session token is missing or invalid, it triggers an authentication failure, resulting in a forced login redirect.

This should help in your analysis why this behavior is occurring on your sites. Let me know if you need further insights!

    Saravanan_Dharmaraj
    Community Advisor
    Saravanan_DharmarajCommunity AdvisorAuthor
    Community Advisor
    March 27, 2025

    Thank you @narendiran_ravi for the detailed explanation of the issue and fix. Like you said the pop up functionality is not implemented in Sites , its avaliable only in Assets. I confirmed with Adobe with support ticket. Bringing this experience requires customization which i feel shouldnt do and we wont do and leave it as its. Hope it helps others too!

     

    Adobe ticket says the below

     

    The Apache Jackrabbit Oak TokenConfiguration that you’ve modified (setting the token expiration to 15 minutes) strictly controls the lifetime of the authentication token - that is, it determines when the token, and hence the user session, will be invalidated.

    However, this configuration does not trigger any client‐side behavior such as displaying a “Session signed out” pop up.
    In AEM Assets, the pop-up you observe is not a direct effect of the token expiration setting but rather is implemented as client-side logic ,usually via a dedicated client library or UI module. In contrast, the AEM Sites author environment does not include this additional UI functionality by default.

    The Assets UI has been enhanced with a user experience element (a pop-up) that notifies users when their session is about to expire. This is implemented using custom Granite UI client libraries that listen for session expiration events.

    The Sites author interface, by design, simply allows the token to expire and redirects the user to the IDP for re-authentication once the token is no longer valid. There is no built‑in mechanism to warn or prompt the user beforehand.

    If you wish to have a similar “session signed out” pop up in the AEM Sites environment, it will require custom implementation. You can:

    1.) Examine the client library implementation in AEM Assets (by checking the related Granite UI client libraries) as a reference.
    2.) Develop and deploy a similar JavaScript or client-side module in the Sites environment that listens for inactivity and shows the pop-up before the session token expires.

     

      Terms & ConditionsAccessibility statement

      Loading footer...