Cookie will only survive browser restarts if you enable remember me and
user clicks the remember me checkbox.
On 8 May 2017 at 20:31, Caranzo Gideon <Gideon.Caranzo(a)gemalto.com> wrote:
Hi,
Is it possible in Keycloak to remove Expires/Max-age from
"KEYCLOAK_SESSION" cookie?
Basically, we want the cookie to last only until browser is closed.
Also, why does Keycloak set this value on the cookie? What are the risks
in case an attacker is able to steal it?
Best regards,
Gideon
________________________________
This message and any attachments are intended solely for the addressees
and may contain confidential information. Any unauthorized use or
disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for
the message if altered, changed or falsified. If you are not the intended
recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission
free from viruses, the sender will not be liable for damages caused by a
transmitted virus.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user