[keycloak-user] Overriding Cookie Paths
John D. Ament
john.d.ament at gmail.com
Sun Oct 1 09:48:07 EDT 2017
Ping? I've written up some thoughts, and willing to raise a PR against
https://issues.jboss.org/browse/KEYCLOAK-5582
John
On Wed, Sep 6, 2017 at 7:24 PM John D. Ament <john.d.ament at gmail.com> wrote:
> Hi,
>
> I noticed in OAuthRequestAuthenticator that the cookie path being set is
> to null. From what I can tell, this means in most containers if my first
> release is to /foo/bar/baz/bar that the path saved to the cookie is
> "/foo/bar/baz". This is typically not an issue, however I have a legacy
> app I'm trying to integrate with Keycloak, so the cookie state is very
> important. By setting the path to a low level when I later access
> /foo/home.xhtml it causes the cookie to not get populated (which causes a
> 400 bad request later on).
>
> I'm wondering, does it make sense to add something to KeycloakDeployment
> that lists the cookie path, defaulting to null if its not set.
>
> John
>
More information about the keycloak-user
mailing list