[keycloak-dev] openid-connect/login-status-iframe.html caching in browser and on CDN

[Stian Thorgersen]

It can be cached. The contents is only the html for the iframe and doesn't
check if user is logged in. The check if a user is logged in is done by
javascript, which reads the value of the session state cookie.

The only issue with caching is if the client is deleted or the origin is
removed the session iframe is still valid until it's expired from the
cache, but I don't think that's a problem.

On 26 November 2015 at 15:19, Bill Burke <bburke at redhat.com> wrote:

> You can't.  This request is done to determine if the user is logged in
> or not, IIRC.
>
> On 11/26/2015 8:57 AM, Libor Krzyzanek wrote:
> > Hi,
> > I’m wondering if it would be possible to cache all unique
> “.../openid-connect/login-status-iframe.html" in browser and then also on
> CDN e.g. Akamai.
> > I mean whole URL with all parameters “clinet_id” and “origin”.
> >
> > This would greatly improve performance of website using JS client
> because Akamai servers content much faster.
> >
> > I checked our instance and http header has Cache-Control:max-age=2592000
> which is 30 days
> >
> > Does it mean that we can configure Akamai to cache it?
> > When the content of iframe.html could change and thus it’s needed to be
> invalidated on browser cache and on CDN cache?
> >
> > Thanks,
> >
> > Libor Krzyžanek
> > jboss.org Development Team
> >
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151126/d03e3de9/attachment-0001.html