Re: [keycloak-dev] Provide a Link to go Back to The Application on a Timeout

Maybe yes. There is also the case when the link of login page can be copy/pasted somehow and opened in new browser. The KC_RESTART cookie then also won't be visible. But this really looks like corner case... Maybe we can have the combination of 1 and 3? Have the cookie persistent and show the page with account management link just if KC_RESTART cookie is really unavailable. Marek On 17/05/17 15:09, Schuster Sebastian (INST/ESY1) wrote: > Wouldn't 1) be a good option as browser restarts are the vast > majority compared to history deletion? > Even our very restrictive company directives don't clear the > browser history on exit while messing around > with a lot of my other browser settings... > > Best regards, > Sebastian > > Mit freundlichen Grüßen / Best regards > > Sebastian Schuster > > Engineering and Support (INST/ESY1) > Bosch Software Innovations GmbH | Schöneberger Ufer 89-91 | 10785 > Berlin | GERMANY | www.bosch-si.com > Tel. +49 30 726112-485 | Fax +49 30 726112-100 | > Sebastian.Schuster(a)bosch-si.com > > Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B > Geschäftsführung: Dr.-Ing. Rainer Kallenbach, Michael Hahn > > > > >> -----Original Message----- >> From: keycloak-dev-bounces(a)lists.jboss.org [mailto:keycloak-dev- >> bounces(a)lists.jboss.org] On Behalf Of Marek Posolda >> Sent: Mittwoch, 17. Mai 2017 11:36 >> To: keycloak-dev(a)lists.jboss.org >> Subject: [keycloak-dev] Provide a Link to go Back to The >> Application on a Timeout >> >> We have the issue that after session timeout, the page "An error >> occurred, please >> login again through your application." can be shown. >> This is even worse when there is no link to go back to the >> application as users >> might be confused what to do. Details in >> https://issues.jboss.org/browse/KEYCLOAK-4016 . >> >> This is already handled in many cases as when authentication >> session is expired, it >> is always restarted from the KC_RESTART cookie. >> >> However there are still cases when this error is shown, which is >> when the restart >> from the cookie failed. This can happen when browser history >> (including cookies) >> was cleared or when user restarted the browser (as the KC_RESTART >> cookie is not >> persistent). >> >> Some possibilities to solve: >> 1) Make the KC_RESTART cookie persistent. That will handle browser restart, >> however it won't handle the case when browser history is deleted >> >> 2) Add client-id to every link as Stefan Baust suggested. Then we >> can add the link >> to client base uri on the page. This is more work with the >> possibility of error-prone >> if we miss to add the client-id to some link. >> Also we will be able to provide the link just if client has "base-uri" >> configured. >> >> 3) Add the link to the account management application page. After >> successful >> login will be shown list of applications in account management and >> user can click >> to his favourite application. Message would need to be changed to >> something like >> "An error occurred, please login again through your application or >> go to the >> <link>list of applications<link> and select your application after login." >> >> My preference is 3, 2, 1. WDYT? Any other ideas? >> >> Thanks, >> Marek >> >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev