[keycloak-dev] openid-connect/login-status-iframe.html caching in browser and on CDN

Libor Krzyzanek lkrzyzan at redhat.com
Thu Nov 26 09:40:54 EST 2015


That’s exactly my understanding.

Thanks for clearing the impact in case that client is deleted/origin removed.

Thanks,

Libor Krzyžanek
jboss.org Development Team

> On Nov 26, 2015, at 3:26 PM, Stian Thorgersen <sthorger at redhat.com> wrote:
> 
> It can be cached. The contents is only the html for the iframe and doesn't check if user is logged in. The check if a user is logged in is done by javascript, which reads the value of the session state cookie.
> 
> The only issue with caching is if the client is deleted or the origin is removed the session iframe is still valid until it's expired from the cache, but I don't think that's a problem.
> 
> On 26 November 2015 at 15:19, Bill Burke <bburke at redhat.com <mailto:bburke at redhat.com>> wrote:
> You can't.  This request is done to determine if the user is logged in
> or not, IIRC.
> 
> On 11/26/2015 8:57 AM, Libor Krzyzanek wrote:
> > Hi,
> > I’m wondering if it would be possible to cache all unique “.../openid-connect/login-status-iframe.html" in browser and then also on CDN e.g. Akamai.
> > I mean whole URL with all parameters “clinet_id” and “origin”.
> >
> > This would greatly improve performance of website using JS client because Akamai servers content much faster.
> >
> > I checked our instance and http header has Cache-Control:max-age=2592000 which is 30 days
> >
> > Does it mean that we can configure Akamai to cache it?
> > When the content of iframe.html could change and thus it’s needed to be invalidated on browser cache and on CDN cache?
> >
> > Thanks,
> >
> > Libor Krzyžanek
> > jboss.org <http://jboss.org/> Development Team
> >
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com <http://bill.burkecentral.com/>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151126/1573276f/attachment.html 


More information about the keycloak-dev mailing list