so I tried to theme the loginpage here, which worked out pretty well at
first, but when internationalization was a thing (I had to change the
provided internationalization to a selectbox) I tried to get the
KEYCLOAK_LOCALE cookie at page load to set the selected option by this
sadly, document.cookie doesn't have the KEYCLOAK_LOCALE cookie inside,
because it seems to be set to httponly=true which doesn't make it
accessible via js.
So, this was a problem because when you first(!) call the loginpage,
there is no queryparam kc_locale=... set and I had to figure out which
language is used and thus how to set the dropdowns selected option
My custom dropdown code just looks like this:
<select name="languages" id="locale_dropdown">
<#list locale.supported as l>
now when changing the login to english, not logging in, on next call of
a protected page and redirect to the loginpage, I can't check in js
which locale is set, for no querystring is set and the cookie is not
So, 3 concrete questions:
a) why is it httponly? xss attack prevention?
b) Would it be possible to always get the locale in the querystring of
login/pw form redirect?
c) alternatively, is it possible to get the current locale in jsf by
Thanks in advance!