+1. I can't see why basically just saving the initial request from the client is a
problem; it sounds like it would be a proper solution to the problem.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 23 July, 2015 5:16:23 PM
Subject: [keycloak-dev] timeouts
I was thinking about this more, and I think it might be OK to have a
session cookie that has all the initial information needed to restore
the client session and restart the login without having to redirect back
to the client. The session cookie would match up against the code query
param that is passed around. This would probably be good enough
protection. The only thing an attacker would be able to do is restart the
login.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
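The design sketched above (a cookie carrying the initial login request, bound to the code query parameter so that a stolen code alone only lets an attacker restart the login) as an added worked example; this is illustrative code written for this page, not Keycloak's implementation. It assumes an HMAC-signed cookie (so that the stored redirect_uri and state cannot be altered client-side), a per-server key, a bounded lifetime, and the function names start_login, restore_login and tamper_redirect_uri, all of which are choices made here and not taken from the thread.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Per-server MAC key. Assumption for this example: in a real deployment this is
# a long-lived secret shared by all nodes that may handle the login, not a
# fresh random value per process.
SERVER_KEY = secrets.token_bytes(32)


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def start_login(client_id, redirect_uri, state, scope, key=SERVER_KEY, now=None):
    """First hop: record the client's initial request in a signed cookie and mint
    the code that will be passed around as a query parameter. Returns
    (cookie_value, code)."""
    code = secrets.token_urlsafe(32)
    payload = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": scope,
        "code": code,
        "iat": int(now if now is not None else time.time()),
    }
    body = _b64e(json.dumps(payload, sort_keys=True).encode())
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}", code


def restore_login(cookie, code_param, key=SERVER_KEY, max_age=600, now=None):
    """Later hop: verify the cookie's MAC, check that it belongs to the code in
    the query string, and reject stale cookies. Returns the original request
    parameters, or None if the login cannot be restored from this pair."""
    try:
        body, mac = cookie.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # forged or altered cookie
    payload = json.loads(_b64d(body))
    # The cookie and the code query param must have been minted together.
    if not hmac.compare_digest(payload["code"].encode(), str(code_param).encode()):
        return None
    current = now if now is not None else time.time()
    if current - payload["iat"] > max_age:
        return None  # too old to restart the login from
    return {k: payload[k] for k in ("client_id", "redirect_uri", "state", "scope")}


def tamper_redirect_uri(cookie, new_uri):
    """Attacker model for the example: rewrite redirect_uri inside the cookie body
    without knowing the server key (the MAC is left as it was)."""
    body, mac = cookie.split(".", 1)
    payload = json.loads(_b64d(body))
    payload["redirect_uri"] = new_uri
    return f"{_b64e(json.dumps(payload, sort_keys=True).encode())}.{mac}"


if __name__ == "__main__":
    # Constructed sample request, not data from the thread.
    cookie, code = start_login("my-app", "https://app.example/cb", "xyz", "openid")
    print("restored:", restore_login(cookie, code))
    print("wrong code:", restore_login(cookie, "some-other-code"))
    print("tampered cookie:", restore_login(tamper_redirect_uri(cookie, "https://evil.example/"), code))
```

The three calls at the bottom show the property the thread relies on: with the matching cookie the original request is restored without a round trip to the client; a code that does not match the cookie (for example one leaked from a URL) restores nothing, so the worst case is that the holder restarts a login; and a cookie whose stored redirect_uri has been edited fails the MAC check rather than redirecting the eventual code to an attacker-controlled URL.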