Hi All,
I have made changes for Encapsulated token as part of AEM 6.1 in order to maintain user session and syncronization across multiple publish instances.(this works more like sticky connections,but need changes only in one config and not on load balancer level)
Also, i have changed the value of Token Expiration in Apache Jackrabbit token configuration from default 12 hours
and have set the session timeout value to 20 minutes.(i have implemented a login functionality in my application and need that the user session should timeout after 20 mins of inactivity)
But as i made the changes for encapsulated token(you can find more info on encapsulated token on the following link:Encapsulated Token Support )
I observed that as encapsulated token functionality works there is no login token created within home/users .
and because of that my user session expiration is not working at all.
So, could you please suggest how we can set the session expiration in case of encapsulated token (where no login token is created).
Solved! Go to Solution.
Views
Replies
Total Likes
Please see this article:
Login session refresh not working in AEM 6.x
As a workaround, to add some expiration functionality, you could implement a custom javax.servlet.Filter to handle session refresh and expiration:
a. Download and modify this sample filter code to meet your needs:
b. Store the user (user id as key) and timestamp somewhere outside of AEM (for example a redis db). Or if sticky sessions are enabled in your dispatcher (i.e. the user's session is only active on a single publish instance), you could use something like a ConcurrentHashMap in your AEM application code.
c. Then you can manage the session refresh on your own. You can log the user out if their session expires.
d. To log the user out, just redirect them to /system/sling/logout.html, for example: /system/sling/logout.html?resource=/content/geometrixx/en.html
The code might look like this:
response.sendRedirect("/system/sling/logout.html?resource=" + url);
Views
Replies
Total Likes
Please see this article:
Login session refresh not working in AEM 6.x
As a workaround, to add some expiration functionality, you could implement a custom javax.servlet.Filter to handle session refresh and expiration:
a. Download and modify this sample filter code to meet your needs:
b. Store the user (user id as key) and timestamp somewhere outside of AEM (for example a redis db). Or if sticky sessions are enabled in your dispatcher (i.e. the user's session is only active on a single publish instance), you could use something like a ConcurrentHashMap in your AEM application code.
c. Then you can manage the session refresh on your own. You can log the user out if their session expires.
d. To log the user out, just redirect them to /system/sling/logout.html, for example: /system/sling/logout.html?resource=/content/geometrixx/en.html
The code might look like this:
response.sendRedirect("/system/sling/logout.html?resource=" + url);
Views
Replies
Total Likes
I have implemented encapsulated token (same scenario mentioned above)but as there is no .token created within home/users,my user session is not getting expired even when i have changed the session timeout from Apache Jackrabbit Oak TokenConfiguration.
Could you please suggest how i can set the session expiration in AEM(without any code change) when using encapsulated token.As the config changes in Apache Jackrabbit Oak TokenConfiguration does not affect the ongoing sssion of any logged in user.
Views
Replies
Total Likes
Views
Likes
Replies