0

According to my understanding of CQ's login mechanism, a POST request goes to http://localhost:6502/crx/de/j_security_check, which also sets login-token cookie.
This cookie is then used to authenticate and send a request to http://localhost:6502/crx/server/crx.default/jcr%3aroot/.1.json and get the Json for the Root node's children.

My Question here is, why login-token cookie is set for the Session scope. Although The browser session expires when browser is closed, still i'm logged in when i restart the browser.

Image

Shashi
  • 746
  • 10
  • 39

1 Answers1

1

This might not be AEM issue, but the browser issue. In modern browsers there are settings, for example for Chrome there is "Continue where you left" and "Continue running background apps when Google Chrome is closed", due to this Session cookie is not deleted on closing browser.

There also might be case of multiple tabs, session would not be closed on closing tab.

Refer this question on SO

Community
  • 1
  • 1
Sandeep Kumar
  • 1,758
  • 1
  • 22
  • 39