[keycloak-user] My KEYCLOAK_SESSION cookie is always wrong

[Colin Ritchie]

Thanks Stian.  You were right, although there were 2 issues.  The proxy was
messing with the cookies, and I have resolved this.  But I am still
periodically seeing issues when we are testing multiple different keycloak
installs from the same browser - sometimes there are multiple session
cookies, and I end up having to clear out all of them to get Keycloak to
start working again.  I have not been able to reproduce this consistently
yet, though.

On Tue, Nov 15, 2016 at 3:27 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Looks like your reverse proxy is for some reason messing with the cookies
>
> On 14 November 2016 at 20:47, Colin Ritchie <colin.ritchie at tasktop.com>
> wrote:
>
>> Hello,
>>
>> I am running keycloak behind an reverse proxy.  After I log in, when
>> visiting the keycloak admin, the page refreshes every 5 seconds.  It
>> appears to be because my session cookie does not match the expected
>> KEYCLOAK_SESSION value in the server response.
>>
>> When I monitor the traffic between the browser and keycloak, the cookie
>> sent to keycloak matches the cookie in the response.
>>
>> When I put a breakpoint in the login.status.iframe.html getCookie()
>> method,
>> I see the desired cookie with the incorrect name
>> "!Proxy!clusterProxyKEYCLOAK_SESSION", and I sometimes see a an invalid
>> cookie with the correct name "KEYCLOAK_SESSION".
>>
>> example:
>> "
>> !Proxy!clusterProxyKEYCLOAK_SESSION=master/127ff890-6fde-47f
>> 5-8a81-039c67d0a261/c7b9427b-eb59-4b2a-8b3c-f8436c130613"
>>
>> Does anyone know what is happening here?
>>
>> --
>> *Colin Ritchie **|* *Engineering Manager* *|* *Tasktop Technologies*
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>


-- 
*Colin Ritchie **|* *Engineering Manager* *|* *Tasktop Technologies*