Session Timeout Value - "Sling Authenticator" | Community
Skip to main content
S
starks
Level 2
October 16, 2015
Solved

Session Timeout Value - "Sling Authenticator"

  • October 16, 2015
  • 10 replies
  • 2529 views

Hi,

We are using out of the box "Sling Authenticator service"  for login , Can someone tell me how do i make sure that session never times out? Any configuration?

 

@SlingServlet(paths = "/bin/tnt/login", extensions = "html")public class LoginServlet extends SlingAllMethodsServlet {private static final long serialVersionUID = 1L;@Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC)private volatile Authenticator authenticator;@Override    protected void doPost(final SlingHttpServletRequest request, final SlingHttpServletResponse response)throws ServletException, IOException {authenticator.login(request, response); }

}

 

 

Regards

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by JustinEd3

Hi,

For this requirement, you'll need to implement your own AuthenticationHandler which implements a cookie-based "Remember Me" type of functionality. The tokens used in AEM are not meant to be used for long-lived logins in the manner you are describing.

Regards,

Justin

10 replies

B
bfvaughn
Level 3
October 16, 2015

Could be wrong but have you tried changing the Day CQSE HTTP Service timeout setting?

Lokesh_Shivalingaiah
Lokesh_Shivalingaiah
Level 10
October 16, 2015

I think you need to create a custom authenticator to handle this !

S
starksAuthor
Level 2
October 16, 2015

Hi Scot,

Is Form Based Auth Handler service available in AEM6.0 Sp1 ? I don't find this. is this removed in AEM6.0 ??

joerghoh
Adobe Employee
joerghohAdobe Employee
Adobe Employee
October 16, 2015

Hi,

Why do you want sessions never to time out? Only for a specific user?

kind regards,
Jörg

S
starksAuthor
Level 2
October 16, 2015

Hi,

This is for all the users not for specific user.

Requirement was once login in to that site, never expire that login session. From a business usecase of this client , it really makes sense given the kind of users they deal with - it would certainly increase their site visits given their usecases.

Apparently, i am kind of struck how to enable "never expire login session" or atleast figure out a way to set a higher expiration let's say  "1 Month".

I was thinking Form Authentication Handler would help here - given that it has option to provide "Session Expiry Val" and also ability to use Cookie based rather than Session bound.

Can you Please let me know how to proceed with Form Auth Handler with AEM6.0?

I've been with CQ for 4years - never struck like this before :) any help greatly appreciated.

Thanks

smacdonald2008
smacdonald2008
Level 10
October 16, 2015

You can configure Sling Authentication service here:

http://localhost:4502/system/console/configMgr

[img]authconfig.png[/img]

However - not seeing a timeout value. You may have to write a custom service for this. 

Watch Justin' s session on secure web sites. 

See: http://adobe.ly/1F5VLpH.

S
starksAuthor
Level 2
October 16, 2015

Thanks everyone for the responses.

I was thinking may be the FormAuthenticationHandler would help here..this has the option to specify session expiry val??

http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html

Alternatively, i was wondering if just changing the below token expiration below helps ?

org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl

S
starksAuthor
Level 2
October 16, 2015

hi scott, your thoughts on the above?

J
Adobe Employee
JustinEd3Adobe EmployeeAccepted solution
Adobe Employee
October 16, 2015

Hi,

For this requirement, you'll need to implement your own AuthenticationHandler which implements a cookie-based "Remember Me" type of functionality. The tokens used in AEM are not meant to be used for long-lived logins in the manner you are describing.

Regards,

Justin

S
starksAuthor
Level 2
October 16, 2015

Hi Justin,

Thank you for clarifying. 

Do you have a example/sample Custom Auth Handler for cookie based remember me login functionality. It would be great if you can help me with some links/blogs/code samples if you have any.

Regards

Terms & ConditionsAccessibility statement

Loading footer...