<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Thanks Stian for getting my point.</div><div class=""><br class=""></div>Here is a screencast of how Google works for me: <a href="https://dl.dropboxusercontent.com/u/40512422/devel/keycloak/google-login-back-button.mov" class="">https://dl.dropboxusercontent.com/u/40512422/devel/keycloak/google-login-back-button.mov</a><div class=""><br class=""></div><div class="">Let me describe these things from a real “end user” perspective.</div><div class=""><br class=""></div><div class="">If I’m trying to feel like a real “end user”, the only thing that the Login Server is responsible for is to provide me a way (registration or login) to give me access to, let’s call it, “secured content”.</div><div class="">I don’t care about the login server. I care about the secured content.</div><div class="">If I’m successfully logged in and an SSO session exists, I should not see any “no longer valid” message because it’s not true. I’m logged in so everything is OK and I didn’t make any mistake. I successfully logged in and should get the “secured content”.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">If the login server gave me “page is no longer valid”, it would bring to my mind something like “I was logged out” or “I did something wrong” or “I need to do something again, like log in again”.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Thanks,</div><div class=""><div class=""><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Libor Krzyžanek</div><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Principal Software Engineer<br class="">Red Hat Developers | Engineering</div>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Apr 7, 2016, at 3:31 PM, Stian Thorgersen &lt;<a href="mailto:sthorger@redhat.com" class="">sthorger@redhat.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">I agree it should either show a “page is no longer valid” message or redirect back to origin as you're suggesting. The latter is the best, but we need to be able to identify that's actually what should be done. I tried with Google and it actually didn't work for me; it showed me the password page again.</div><div class="gmail_extra"><br class=""><div class="gmail_quote">On 7 April 2016 at 13:47, Libor Krzyzanek <span dir="ltr" class="">&lt;<a href="mailto:lkrzyzan@redhat.com" target="_blank" class="">lkrzyzan@redhat.com</a>&gt;</span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">Hi,<div class="">when a user successfully logs in (either after registration or login), hitting the back button shows the KC page (login/registration) again.</div><div class=""><br class=""></div><div class="">This looks to be a bug to me because the user is logged in and should only be allowed to log out. No login or registration.</div><div class=""><br class=""></div><div class="">I tried how <a href="http://google.com/" target="_blank" class="">google.com</a> behaves, and when you successfully log in, hitting the back button is handled correctly - their SSO realizes that you’re logged in and then the user is redirected to the requested page. No login page.</div><div class=""><br class=""></div><div class="">I think KC should follow the same behavior.</div><div class=""><br class=""></div><div class="">Jira for login flow: <a href="https://issues.jboss.org/browse/KEYCLOAK-2768" target="_blank" class="">https://issues.jboss.org/browse/KEYCLOAK-2768</a></div><div class="">Jira for reg.
flow: <a href="https://issues.jboss.org/browse/KEYCLOAK-2740" target="_blank" class="">https://issues.jboss.org/browse/KEYCLOAK-2740</a></div><div class=""><br class=""></div><div class="">Thanks,</div><div class=""><br class=""><div class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; word-wrap: break-word;" class="">Libor Krzyžanek</div><div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; word-wrap: break-word;" class="">Principal Software Engineer<br class="">Red Hat Developers | Engineering</div>
</div>
<br class=""></div></div><br class="">_______________________________________________<br class="">
keycloak-dev mailing list<br class="">
<a href="mailto:keycloak-dev@lists.jboss.org" class="">keycloak-dev@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br class=""></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></div></body></html>