Expand my Community achievements bar.

July 31st AEM Gems Webinar: Elevate your AEM development to master the integration of private GitHub repositories within AEM Cloud Manager.

Token based authentication in AEM


Level 2

Hi All,

Here I have a use case for authentication . 

We have a website with CUG and non CUG pages in AEM.

A user logged in to the site and can access all the CUG and non-CUG pages.

Now someone(Admin) deletes the .token node from CRX for that particular user. 

the user now hits some of the non-CUG page - whether the Authentication handler should be triggered ? In my case it gets triggered which as per my understanding should not.

Let me know if any further details required.

Please let me know your points and help me to understand the proper flow.



Best Regards,


2 Replies


Level 10

Deleting from felix console does not remove header from end user browser. So may be header is still present in browser might have caused to consider has invalid token & thrown to login page.

  • Please try with fresh private window after deleting the .token node. 
    • If issue still persist after above means issue at cug config level
    • If issue resolves means browser cache issue & you need to custamize 404.jsp page to handle your case.


Level 2

Hi Sham,

Thanks for quick response !

1) if we use private window it works fine as you said.

2) in case of same browser with different tab then problem persist that means I need to handle in 404.jsp. 

We are using acs commons error handling concept. I would request you to please guide me what has to be written in 404.jsp to handle this scenario.


Thanks !