[keycloak-user] Session Hijacking

Ushanas Shastri ushanas at gmail.com
Sun Mar 5 09:19:02 EST 2017


Hello,

One of the applications we have protected using KeyCloak 2.2.1 Final is
undergoing a security test, One of the issues reported is Session Hijacking.

A quick internet search leads to KeyCloak issue 3692 related to Session
Hijacking, but I cannot view this, so cant find out if this was an issue
that has been fixed in subsequent versions.

Can someone confirm if this is the case? If not, what measures can be taken
for prevention of session hijacking?

Regards, Ushanas.


More information about the keycloak-user mailing list