April 2, 2020

How to set timeout for login-token

AEM is REST-based and has no concept of a session, so every request is atomic. To support access to protected resources, the Token authentication handler issues a login-token cookie after a successful login, and subsequent requests are authenticated with that cookie. As a result, credentials are not requested again until the cookie expires. The steps to configure the login-token timeout are:

For AEM 5.6.1 or below, follow https://forums.adobe.com/thread/1035785
For AEM 6+, configure the token expiration at http://<host>:<port>/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl
Also, make sure to set Token Length; otherwise an exception is thrown: "org.eclipse.jetty.servlet.ServletHandler / java.lang.IllegalArgumentException: Invalid token ''"



For more details on AEM 6+, refer to http://jackrabbit.apache.org/oak/docs/security/authentication/tokenmanagement.html
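
The following is an added example, not code from the original post or from Adobe: a pre-deployment check for an OSGi `.cfg.json` file targeting the TokenConfigurationImpl PID, flagging a missing Token Length and an overly long expiration. It assumes the Oak property names `tokenExpiration` (milliseconds) and `tokenLength`; the 12-hour ceiling and the sample file bodies are constructed for illustration.

```python
import json

# Property names assumed from the Oak token management documentation.
EXPIRATION_KEY = "tokenExpiration"  # value in milliseconds
LENGTH_KEY = "tokenLength"
# Assumed policy ceiling for this example (not an Oak or AEM default).
MAX_EXPIRATION_MS = 12 * 60 * 60 * 1000


def load_props(cfg_json):
    """Parse a .cfg.json body, dropping ':Type' suffixes such as ':Long'."""
    raw = json.loads(cfg_json)
    return {key.split(":", 1)[0]: value for key, value in raw.items()}


def _positive_int(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def audit_token_config(cfg_json, max_expiration_ms=MAX_EXPIRATION_MS):
    """Return a list of findings; an empty list means the file passes."""
    props = load_props(cfg_json)
    findings = []

    length = props.get(LENGTH_KEY)
    if length is None:
        findings.append("tokenLength is not set")
    elif not _positive_int(length):
        findings.append(f"tokenLength must be a positive integer, got {length!r}")

    expiration = props.get(EXPIRATION_KEY)
    if expiration is None:
        findings.append("tokenExpiration is not set")
    elif not _positive_int(expiration):
        findings.append(f"tokenExpiration must be a positive integer, got {expiration!r}")
    elif expiration > max_expiration_ms:
        findings.append(f"tokenExpiration {expiration} ms exceeds {max_expiration_ms} ms")
    return findings


# Constructed sample file bodies.
GOOD = '{"tokenExpiration:Long": 3600000, "tokenLength:Integer": 8}'
BAD = '{"tokenExpiration:Long": 604800000}'

if __name__ == "__main__":
    for name, body in (("good", GOOD), ("bad", BAD)):
        print(name, audit_token_config(body) or "OK")
```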


By aem4beginner
