Solved

Session Timeout Value - "Sling Authenticator"

Forum|Forum|10 years ago
October 16, 2015
10 replies
2529 views

Hi,

We are using out of the box "Sling Authenticator service" for login , Can someone tell me how do i make sure that session never times out? Any configuration?

@SlingServlet(paths = "/bin/tnt/login", extensions = "html")public class LoginServlet extends SlingAllMethodsServlet {private static final long serialVersionUID = 1L;@Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC)private volatile Authenticator authenticator;@Override    protected void doPost(final SlingHttpServletRequest request, final SlingHttpServletResponse response)throws ServletException, IOException {authenticator.login(request, response); }

}

Regards

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by JustinEd3

Hi,

For this requirement, you'll need to implement your own AuthenticationHandler which implements a cookie-based "Remember Me" type of functionality. The tokens used in AEM are not meant to be used for long-lived logins in the manner you are describing.

Regards,

Justin

B

bfvaughn

Could be wrong but have you tried changing the Day CQSE HTTP Service timeout setting?

Lokesh_Shivalingaiah

I think you need to create a custom authenticator to handle this !

S

starksAuthor

Hi Scot,

Is Form Based Auth Handler service available in AEM6.0 Sp1 ? I don't find this. is this removed in AEM6.0 ??

joerghoh

Adobe Employee

Hi,

Why do you want sessions never to time out? Only for a specific user?

kind regards,
Jörg

S

starksAuthor

Hi,

This is for all the users not for specific user.

Requirement was once login in to that site, never expire that login session. From a business usecase of this client , it really makes sense given the kind of users they deal with - it would certainly increase their site visits given their usecases.

Apparently, i am kind of struck how to enable "never expire login session" or atleast figure out a way to set a higher expiration let's say "1 Month".

I was thinking Form Authentication Handler would help here - given that it has option to provide "Session Expiry Val" and also ability to use Cookie based rather than Session bound.

Can you Please let me know how to proceed with Form Auth Handler with AEM6.0?

I've been with CQ for 4years - never struck like this before :) any help greatly appreciated.

Thanks

smacdonald2008

You can configure Sling Authentication service here:

http://localhost:4502/system/console/configMgr

[img]authconfig.png[/img]

However - not seeing a timeout value. You may have to write a custom service for this.

Watch Justin' s session on secure web sites.

See: http://adobe.ly/1F5VLpH.

S

starksAuthor

Thanks everyone for the responses.

I was thinking may be the FormAuthenticationHandler would help here..this has the option to specify session expiry val??

http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html

Alternatively, i was wondering if just changing the below token expiration below helps ?

org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl

S

starksAuthor

hi scott, your thoughts on the above?

J

JustinEd3

Accepted solution

Adobe Employee

Hi,

For this requirement, you'll need to implement your own AuthenticationHandler which implements a cookie-based "Remember Me" type of functionality. The tokens used in AEM are not meant to be used for long-lived logins in the manner you are describing.

Regards,

Justin

S

starksAuthor

Hi Justin,

Thank you for clarifying.

Do you have a example/sample Custom Auth Handler for cookie based remember me login functionality. It would be great if you can help me with some links/blogs/code samples if you have any.

Regards

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded