Re: [keycloak-user] [KEYCLOAK-2741] Don't remove KEYCLOAK_REMEMBERME cookie when sso session expires. Add timeout for KEYCLOAK_REMEMBERME cookie - JBoss Issue Tracker
Cookie authenticator doesn't start a new session. It can only authenticate
the user if the session is still active.
If you want users to remain authenticated for a longer even when inactive
you should increase the SSO timeout. That's what it's for.
KEYCLOAK-2741 is about remembering the username so the user only has to
provide the password.
On 22 July 2016 at 11:18, Valerij Timofeev <valerij.timofeev(a)gmail.com>
wrote:
https://issues.jboss.org/browse/KEYCLOAK-2741
Hi,
are there any concret plans to implement this ticket?
The current implementation does not find any positive feedback by our
customers. We are even thinking about increasing SSO timeout from 30
minutes to a couple of days to compensate at least a little bit the current
drawback. Would this break normal operation of the Keycloak servers?
Would it be enough to implement this ticket to provide full "remember me"
feature? Can cookie authenticator (auth-cookie) start a new SSO session if
the initial one is already expired?
Kind regards
Valerij Timofeev
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 1.9 KB)