why separate cookie for acct svc? - keycloak-dev - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

why separate cookie for acct svc?

Import in dist

url problem with login/account mgmt

Bill Burke

Wednesday, 27 November 2013 Wed, 27 Nov '13

3:22 p.m.

Why a separate cookies for acct svc? Shouldn't it just use the same identity cookie used by the token service. If an appliation wants to link the acct mgmt page on their application, user has to relog in. Or am I missing something? -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Show replies by date

Bill Burke

Wednesday, 27 November Wed, 27 Nov

3:51 p.m.

NVM, some weird gamma ray that I can't reproduce. I'm able to acces the accoutn svc page after I'm logged in now. Before it was forcing me to log in a second time, not sure why. On 11/27/2013 4:22 PM, Bill Burke wrote:

Why a separate cookies for acct svc? Shouldn't it just use the same identity cookie used by the token service. If an appliation wants to link the acct mgmt page on their application, user has to relog in. Or am I missing something?

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Stian Thorgersen

Thursday, 28 November Thu, 28 Nov

3:13 a.m.

It needs the separate one, just like the admin console does, as the identity cookie isn't bound to a specific app nor does it contain any roles. It works with SSO, so you should be redirected to login if not logged-in, if SSO just redirected back. ----- Original Message -----

From: "Bill Burke" <bburke(a)redhat.com> To: keycloak-dev(a)lists.jboss.org Sent: Wednesday, 27 November, 2013 9:51:34 PM Subject: Re: [keycloak-dev] why separate cookie for acct svc? NVM, some weird gamma ray that I can't reproduce. I'm able to acces the accoutn svc page after I'm logged in now. Before it was forcing me to log in a second time, not sure why. On 11/27/2013 4:22 PM, Bill Burke wrote: > Why a separate cookies for acct svc? Shouldn't it just use the same > identity cookie used by the token service. If an appliation wants to > link the acct mgmt page on their application, user has to relog in. > > Or am I missing something? > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Reply

4046

days inactive

4047

days old

keycloak-dev@lists.jboss.org

Manage subscription

2 comments

2 participants

tags (0)

participants (2)

Bill Burke
Stian Thorgersen