[keycloak-dev] IE login in new session logs out the other user

Michael Gerber gerbermichi at me.com
Fri Dec 16 10:36:37 EST 2016


Why is the KEYCLOAK_SESSION cookie not an http only cookie? Is there a reason for that?


> On 16 Dec 2016, at 16:00, Stian Thorgersen <sthorger at redhat.com> wrote:
> 
> Use Chrome or Firefox ;)
> 
>> On 16 December 2016 at 15:44, Michael Gerber <gerbermichi at me.com> wrote:
>> That's true. It shares the cookie which does not have httpOnly set to true.
>> 
>> It's obviously an IE fail, however, I need a workaround for that :)
>> Do you have any idea how to solve this?
>> 
>>> On 16 December 2016 at 15:14, Stian Thorgersen <sthorger at redhat.com> wrote:
>>> 
>> 
>>> ... Doesn't
>>> 
>>>> On 16 December 2016 at 15:13, Stian Thorgersen <sthorger at redhat.com> wrote:
>>>> Does sound like IE actually creates a clean new session as it's sharing some cookies.
>>>> 
>>>>> On 16 December 2016 at 13:10, Michael Gerber <gerbermichi at me.com> wrote:
>>>>> Hi,
>>>>> 
>>>>> I am using Windows 7 and Internet Explorer 11.
>>>>> 
>>>>> IE can create a new window with a new session. It should be possible to work with two different users in these two windows. However, the second login logs the older user out, because of the KEYCLOAK_SESSION cookie which is stored in the "C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Cookies" directory. The problem is that this cookie is not set to httpOnly.
>>>>> 
>>>>> Is this a known bug? Or can I solve this problem?
>>>>> 
>>>>> kind regards
>>>>> Michael
>>>> 
>>> 
> 

