Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

Session Keep Alive

Avatar

Level 3

I have seen that my user sessions for a room will expire if there is no activity for some period of time. After that time it looks as if the authentication token for that user cannot be used again.

Is this expected behavior? If so, after what period of inactivity does the session become invalid?

Ideally I would like to keep the user session alive for a controlled period as long as they stay in the room(browser is not closed). Is there a recommended "keep alive" call I can make from clients to keep sessions alive?

Thanks,

Barry

5 Replies

Avatar

Level 4

Barry,

I believe there is an "idle session" timeout, but it isn't tied to a user.  It is an overall idle room timeout.  Could you clarify what you see exactly?  Is it a timeout of just one particular idle user (while other users and doing ok) or do all users get booted?

Nikola

Avatar

Level 3

Hi Barry,

Do you create user authentication tokens from your server?  If yes, do you have a thread to periodically call AccountManager.keepAlive() to keep your server session alive?  That's the only way I can see the user auth tokens stop working when created this way.

-Jamie

Avatar

Level 3

Thanks Nikola,

It seems to me that sessions do get killed sometimes if they are idle, but I found another possible cause. I have a room sweeper that may have deleted the room that these users were in. I'm going to remove that and run the test again today to see if the sessions are removed after an idle timeout.

Hold off on it until I verify that there really is a problem.

Thanks,

Barry

Avatar

Level 3

I ran another test and it does seem like an auth token becomes invalid in some circumstances after a period of inactivity. I still can't pin down exactly why, but the main reason for the problem I was seeing was because I had another process that deleted the room in the background.

If I see a pattern for how auth tokens become invalid I'll post back, but it works well enough now for my purposes.

Jamie,

Yes, the tokens are created using the server api.

Thanks,

Barry

Avatar

Employee

Barry, the only way an authentication session (and the external authentication tokens) expire is if the room shuts down (or if you explicitally call AccountManager.invalidateSession)

You could check if the room has shutdown when you get an authentication error by calling AccountManager.getRoomInfo(). If you get a "not-active" error it means the room is not running anymore.