Adobe Experience Manager Sites & More

starks · 10/15/15

Hi,

We are using out of the box "Sling Authenticator service" for login , Can someone tell me how do i make sure that session never times out? Any configuration?

@SlingServlet(paths = "/bin/tnt/login", extensions = "html")public class LoginServlet extends SlingAllMethodsServlet {private static final long serialVersionUID = 1L;@Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC)private volatile Authenticator authenticator;@Override    protected void doPost(final SlingHttpServletRequest request, final SlingHttpServletResponse response)throws ServletException, IOException {authenticator.login(request, response); }

}

Regards

justin_at_adobe · 10/15/15

Hi,

For this requirement, you'll need to implement your own AuthenticationHandler which implements a cookie-based "Remember Me" type of functionality. The tokens used in AEM are not meant to be used for long-lived logins in the manner you are describing.

Regards,

Justin

View solution in original post

bfvaughn · 10/15/15

Could be wrong but have you tried changing the Day CQSE HTTP Service timeout setting?

Lokesh_Shivalingaiah · 10/15/15

I think you need to create a custom authenticator to handle this !

starks · 10/15/15

Hi Scot,

Is Form Based Auth Handler service available in AEM6.0 Sp1 ? I don't find this. is this removed in AEM6.0 ??

Jörg_Hoh · 10/15/15

Hi,

Why do you want sessions never to time out? Only for a specific user?

kind regards,
Jörg

starks · 10/15/15

Hi,

This is for all the users not for specific user.

Requirement was once login in to that site, never expire that login session. From a business usecase of this client , it really makes sense given the kind of users they deal with - it would certainly increase their site visits given their usecases.

Apparently, i am kind of struck how to enable "never expire login session" or atleast figure out a way to set a higher expiration let's say "1 Month".

I was thinking Form Authentication Handler would help here - given that it has option to provide "Session Expiry Val" and also ability to use Cookie based rather than Session bound.

Can you Please let me know how to proceed with Form Auth Handler with AEM6.0?

I've been with CQ for 4years - never struck like this before :) any help greatly appreciated.

Thanks

smacdonald2008 · 10/15/15

You can configure Sling Authentication service here:

http://localhost:4502/system/console/configMgr

[img]authconfig.png[/img]

However - not seeing a timeout value. You may have to write a custom service for this.

Watch Justin' s session on secure web sites.

See: http://adobe.ly/1F5VLpH.

starks · 10/15/15

Thanks everyone for the responses.

I was thinking may be the FormAuthenticationHandler would help here..this has the option to specify session expiry val??

http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationh...

Alternatively, i was wondering if just changing the below token expiration below helps ?

org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl

starks · 10/15/15

hi scott, your thoughts on the above?

justin_at_adobe · 10/15/15

Hi,

For this requirement, you'll need to implement your own AuthenticationHandler which implements a cookie-based "Remember Me" type of functionality. The tokens used in AEM are not meant to be used for long-lived logins in the manner you are describing.

Regards,

Justin

starks · 10/15/15

Hi Justin,

Thank you for clarifying.

Do you have a example/sample Custom Auth Handler for cookie based remember me login functionality. It would be great if you can help me with some links/blogs/code samples if you have any.

Regards

Adobe Experience Manager Sites & More

Session Timeout Value - "Sling Authenticator"

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe