[keycloak-dev] timeouts
Stian Thorgersen
stian at redhat.com
Fri Jul 24 03:14:55 EDT 2015
+1 I can't see why basically just saving the initial request from the client is a problem - sounds like it would be a proper solution to the problem
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Thursday, 23 July, 2015 5:16:23 PM
> Subject: [keycloak-dev] timeouts
>
> Was thinking about this more and I think it might be ok to have a
> session cookie that has all the initial information needed to restore
> the client session and restart the login without having to redirect back
> to the client. The session cookie would match up against the code query
> param that is passed around. This would probably be good enough
> protection. Only thing an attacker would be able to do is restart the
> login.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list