[keycloak-dev] User sessions added

Stian Thorgersen stian at redhat.com
Fri May 9 09:10:30 EDT 2014


What then is the benefit of having this iframe compared to just adding something like the following to keycloak.js:

setTimeout(function() {
  var req = new XMLHttpRequest();
  req.open('GET', 'http://localhost:8080/auth/rest/realms/realm/tokens/session-status?session_state=...', true);
  req.onreadystatechange = function () {
    if (req.readyState == 4 && req.status == 200) {
      var status = JSON.parse(req.responseText);
      if (!status.active) {
        clearToken();
      }
    }
  }
  req.send();
}, 3000);


----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, 9 May, 2014 1:41:02 PM
> Subject: Re: [keycloak-dev] User sessions added
> 
> 
> 
> On 5/9/2014 6:59 AM, Stian Thorgersen wrote:
> > User sessions have been added. In summary when a user logs in a new session
> > is created (and persisted in the model). The identity cookie as well as
> > all tokens/refresh-tokens are associated with a session. When a user logs
> > out the session is invalidated (removed from the model), which invalidates
> > the identity cookie and all tokens/refresh-tokens.
> >
> > There's two related issues left to do:
> >
> > * Make sure adapters only log out a specific session (if LoginAction
> > contains a session id)
> > * Allow a user to log out all sessions through the account management
> > console
> >
> > Also, we may want some mechanism to retrieve the status of a session from
> > applications. This could be a REST endpoint, or the crazy iframe technique
> > from OpenID Connect. I think this can be postponed to after 1.0 though.
> >
> 
> The crazy IFrame techique would require this REST "ping".  At least for
> us, as our cookies would be http-only.
> 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list