Re: [keycloak-dev] User sessions added
What then is the benefit of having this iframe compared to just adding something like the
following to keycloak.js:
setTimeout(function() {
var req = new XMLHttpRequest();
req.open('GET',
'http://localhost:8080/auth/rest/realms/realm/tokens/session-status?session_state=...',
true);
req.onreadystatechange = function () {
if (req.readyState == 4 && req.status == 200) {
var status = JSON.parse(req.responseText);
if (!status.active) {
clearToken();
}
}
}
req.send();
}, 3000);
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, 9 May, 2014 1:41:02 PM
Subject: Re: [keycloak-dev] User sessions added
On 5/9/2014 6:59 AM, Stian Thorgersen wrote:
> User sessions have been added. In summary when a user logs in a new session
> is created (and persisted in the model). The identity cookie as well as
> all tokens/refresh-tokens are associated with a session. When a user logs
> out the session is invalidated (removed from the model), which invalidates
> the identity cookie and all tokens/refresh-tokens.
>
> There's two related issues left to do:
>
> * Make sure adapters only log out a specific session (if LoginAction
> contains a session id)
> * Allow a user to log out all sessions through the account management
> console
>
> Also, we may want some mechanism to retrieve the status of a session from
> applications. This could be a REST endpoint, or the crazy iframe technique
> from OpenID Connect. I think this can be postponed to after 1.0 though.
>
The crazy IFrame techique would require this REST "ping". At least for
us, as our cookies would be http-only.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev