SOLVED

Session timeout in AEM with Encapsulated token changes in AEM 6.1

Hi All,

I have made changes for Encapsulated token as part of AEM 6.1 in order to maintain user session and synchronization across multiple publish instances. (This works more like sticky connections, but needs changes only in one config and not at the load balancer level.)

Also, I have changed the value of Token Expiration in Apache Jackrabbit token configuration from the default 12 hours and have set the session timeout value to 20 minutes. (I have implemented a login functionality in my application and need the user session to time out after 20 minutes of inactivity.)

But as I made the changes for encapsulated token (you can find more info on encapsulated token at the following link: Encapsulated Token Support), I observed that as encapsulated token functionality works there is no login token created within home/users, and because of that my user session expiration is not working at all.

So, could you please suggest how we can set the session expiration in case of encapsulated token (where no login token is created)?

1 Accepted Solution

Correct answer by
Employee

Please see this article:

Login session refresh not working in AEM 6.x

As a workaround, to add some expiration functionality, you could implement a custom javax.servlet.Filter to handle session refresh and expiration:

a. Download and modify this sample filter code to meet your needs:

https://github.com/Adobe-Consulting-Services/acs-aem-samples/blob/master/bundle/src/main/java/com/ad...

b. Store the user (user id as key) and timestamp somewhere outside of AEM (for example a redis db).  Or if sticky sessions are enabled in your dispatcher (i.e. the user's session is only active on a single publish instance), you could use something like a ConcurrentHashMap in your AEM application code.

c. Then you can manage the session refresh on your own. You can log the user out if their session expires.

d. To log the user out, just redirect them to /system/sling/logout.html, for example: /system/sling/logout.html?resource=/content/geometrixx/en.html

The code might look like this:

response.sendRedirect("/system/sling/logout.html?resource=" + url);
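
Steps a to d above combined into one filter, added here as an example; it is not part of the original answer or of the linked ACS sample. It assumes sticky sessions (the map lives in one publish instance), that `getRemoteUser()` returns null or "anonymous" for unauthenticated requests, and that the filter also sees requests to the logout path; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.TimeUnit;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Idle-timeout filter (hypothetical name); Sling/OSGi filter registration is omitted. */
public class IdleTimeoutFilter implements Filter {
    private static final long IDLE_LIMIT_MS = TimeUnit.MINUTES.toMillis(20);
    private static final String LOGOUT_PATH = "/system/sling/logout.html";
    // user id -> time of last request; per instance, so sticky sessions are required
    private final ConcurrentMap<String, Long> lastSeen = new ConcurrentHashMap<>();

    /** Records activity; returns true if the user was idle longer than the limit. */
    boolean isExpired(String userId, long now) {
        Long previous = lastSeen.get(userId);
        if (previous != null && now - previous > IDLE_LIMIT_MS) {
            return true; // keep the stale entry so a client that ignores the redirect stays expired
        }
        lastSeen.put(userId, now);
        return false;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String userId = request.getRemoteUser(); // assumption: null/"anonymous" when not logged in
        if (userId == null || "anonymous".equals(userId)) {
            chain.doFilter(req, res);
        } else if (LOGOUT_PATH.equals(request.getRequestURI())) {
            lastSeen.remove(userId); // logout in progress: a later login starts with a fresh timer
            chain.doFilter(req, res);
        } else if (isExpired(userId, System.currentTimeMillis())) {
            // The return path comes from the request URI, not from a caller-supplied parameter
            String back = URLEncoder.encode(request.getRequestURI(), "UTF-8");
            response.sendRedirect(LOGOUT_PATH + "?resource=" + back);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

Entries for users who never return are not evicted in this example; with an external store such as the Redis option in step b, a key TTL longer than the token expiration would cover that.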

2 Replies

I have implemented encapsulated token (same scenario mentioned above), but as there is no .token created within home/users, my user session is not getting expired even when I have changed the session timeout from Apache Jackrabbit Oak TokenConfiguration.

Could you please suggest how I can set the session expiration in AEM (without any code change) when using encapsulated token? As the config changes in Apache Jackrabbit Oak TokenConfiguration do not affect the ongoing session of any logged-in user.