Older browsers don't support HttpOnly cookies, right? So, maybe we
don't set login cookies for these older browsers. For SSO, this will
require a relogin every time. For the admin UI, we just won't allow
interaction with older browsers. We'll do this by checking the
User-Agent header.
https://issues.jboss.org/browse/KEYCLOAK-23
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com