3 p.m.
Hi,
We've got report about users who received activation/login-action emails (sent by
Keycloak) multiple times.
After doing a bit of investigation we found out that emails are sent as a side-effect of
pages obtained using a GET request, which could be the cause of sending multiple emails.
For example, after registration we hit a page at location:
<domain>/auth/realms/<realm>/login-actions/required-action?code=<code>
which also sends an email with the activation-link. Reloading this page results in the
email being sent again (with a fresh code, invalidating the old one).
So maybe users are refreshing the page unintentionally, or their (mobile) browser is. Or
they could be using the back-button and again hit this page, which sends the request once
again also resulting in a new mail.
Is anyone else running into this? Should we create a new JIRA issue to fix/improve this?
12:28 p.m.
Hi,
This issue seems to annoy quite a few of our users. It is hard to believe that we are the
only ones. I’m looking for some fellow sufferers and hopefully share some
ideas/workarounds..
On 20 Sep 2016, at 22:00, Dick Eimers <dick.eimers(a)luminis.eu>
wrote:
Hi,
We've got report about users who received activation/login-action emails (sent by
Keycloak) multiple times.
After doing a bit of investigation we found out that emails are sent as a side-effect of
pages obtained using a GET request, which could be the cause of sending multiple emails.
For example, after registration we hit a page at location:
<domain>/auth/realms/<realm>/login-actions/required-action?code=<code>
which also sends an email with the activation-link. Reloading this page results in the
email being sent again (with a fresh code, invalidating the old one).
So maybe users are refreshing the page unintentionally, or their (mobile) browser is. Or
they could be using the back-button and again hit this page, which sends the request once
again also resulting in a new mail.
Is anyone else running into this? Should we create a new JIRA issue to fix/improve this?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2:18 a.m.
Can you identify what your annoyed users are actually doing? That would
help in identifying a solution. If they are refreshing the page, would they
not expect the mail to be re-sent? If they are going/back forth in the
flow, why are they doing that? If it's something else I'd say it has a
higher priority to be fixed.
You can feel free to create a JIRA enhancement request for this, but the
more information you can give us about user behavior the better.
On 22 September 2016 at 19:28, Dick Eimers <dick.eimers(a)luminis.eu> wrote:
Hi,
This issue seems to annoy quite a few of our users. It is hard to believe
that we are the only ones. I’m looking for some fellow sufferers and
hopefully share some ideas/workarounds..
> On 20 Sep 2016, at 22:00, Dick Eimers <dick.eimers(a)luminis.eu> wrote:
>
> Hi,
>
> We've got report about users who received activation/login-action emails
(sent by Keycloak) multiple times.
> After doing a bit of investigation we found out that emails are sent as
a side-effect of pages obtained using a GET request, which could be the
cause of sending multiple emails.
>
> For example, after registration we hit a page at location:
> <domain>/auth/realms/<realm>/login-actions/required-action?
code=<code>
> which also sends an email with the activation-link. Reloading this page
results in the email being sent again (with a fresh code, invalidating the
old one).
>
> So maybe users are refreshing the page unintentionally, or their
(mobile) browser is. Or they could be using the back-button and again hit
this page, which sends the request once again also resulting in a new mail.
>
> Is anyone else running into this? Should we create a new JIRA issue to
fix/improve this?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3022
days inactive
3032
days old
2 comments
2 participants
participants (2)
-
Dick Eimers -
Stian Thorgersen