[keycloak-user] How to remove Expires/Max-age from session cookie?
Caranzo Gideon
Gideon.Caranzo at gemalto.com
Mon May 8 14:31:20 EDT 2017
Hi,
Is it possible in Keycloak to remove Expires/Max-age from "KEYCLOAK_SESSION" cookie?
Basically, we want the cookie to last only until browser is closed.
Also, why does Keycloak set this value on the cookie? What are the risks in case an attacker is able to steal it?
Best regards,
Gideon
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
More information about the keycloak-user
mailing list