[keycloak-dev] auth timeout behavior change
Bill Burke
bburke at redhat.com
Thu Jun 18 16:47:28 EDT 2015
We have a timeout between login actions. For example, you enter your
username password, get redirected to OTP form, wait 5 minutes, then a
timeout happens. You are currently booted out with an Error page. The
ClientSession can still exist as it may not have been reaped by the
reaper thread yet.
On 6/18/2015 4:44 PM, Scott Rossillo wrote:
> The current behavior is less than ideal and not a good user experience, but what happens if the session on client times out? It’s not going to be able to reconcile the state on redirect after login. Maybe the behavior should be configurable? Maybe I’m missing something. What do you mean by reset the ClientSession and start over from the beginning? Where is the beginning?
>
> ~ Scott
>
>
>> On Jun 18, 2015, at 4:35 PM, Bill Burke <bburke at redhat.com> wrote:
>>
>> Right now, if there is a timeout between actions when logging in, we
>> show an error page. I think I'd rather we just reset the ClientSession
>> and start over from the beginning. Might be a bit more user friendly.
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list