[keycloak-user] Browser not maintaining session for keycloak users

keycloak demo testoauth55 at gmail.com
Thu Aug 23 06:04:09 EDT 2018


Marek,

Proxy/Load balancer are not being used and I am accessing keycloak
directly. In fact both 3.4.3 version and 4.X version are running on same
machine and are accessed through same browser locally via
http://localhost:<port>/auth
by apps.

So the only difference the 2 instances (3.x and 4.x) have is different port
numbers (which won't make any difference anyway), and yet they show
different behavior in terms of setting cookies.

I assume the absence of KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cookie would
be the reason for session not getting maintained.


On Thu, Aug 23, 2018 at 1:04 PM Marek Posolda <mposolda at redhat.com> wrote:

> Hmm... in your post, I see that cookies KEYCLOAK_IDENTITY and
> KEYCLOAK_SESSION are not present in Keycloak 4.X. Those are the cookies,
> which are important for the automatic SSO re-authentication.
>
> Those cookies should be added by Keycloak after successful first
> authentication. So at the moment, when you first authenticate and the page
> "You may close this browser window and go back to your console
> application.", the cookies should be there. BTW, do you have Keycloak
> behind some proxy/loadbalancer or are you accessing it directly? If you're
> behind proxy/LB, could you try to access Keycloak host directly without any
> proxy/LB involved in between?
>
> Marek
>
> On 23/08/18 07:25, keycloak demo wrote:
>
> Thanks Marek for the update,
>
> I understand that https://issues.jboss.org/browse/KEYCLOAK-5179
> mentions the issue pertaining to message: "You are already logged in". But
> will the second issue that I reported also be fixed in this bug?
>
> *Issue summary:*  When a user logs in he is shown the message: "You may
> close this browser window and go back to your console application.". Now if
> I open a new tab, the user should be logged in right? But he is shown the
> login form again.
>
> This issue was not coming in Keycloak 3.4.3 and session was being
> maintained by browser. But I found this issue on 4.1.0 and also on 4.3.0.
> In the 4.x version I see a *KC_RESTART* cookie instead of
> *KC_SESSION* cookie in cookies section which might be the reason.
>
> *Here's the post containing complete details of above issue with
> screenshots:*
> https://stackoverflow.com/questions/51592647/keycloak-is-not-maintaining-session-in-browser
>
>
>
> On Tue, Aug 21, 2018 at 6:08 PM Marek Posolda <mposolda at redhat.com> wrote:
>
>> We have opened JIRA for this:
>> https://issues.jboss.org/browse/KEYCLOAK-5179 . Hopefully it's fixed
>> relatively soon in one of the next releases.
>>
>> Marek
>>
>> On 17/08/18 07:47, keycloak demo wrote:
>> > Update:
>> >
>> > Facing the same issue on keycloak 4.3.0.final. I have taken a fresh
>> > instance of keycloak 4.3.0 and created just 2 users, but still facing
>> the
>> > same issue of browser not maintaining session.
>> >
>> > On Mon, Aug 13, 2018 at 12:10 PM, keycloak demo <testoauth55 at gmail.com>
>> > wrote:
>> >
>> >> Can someone please help me on this issue?
>> >>
>> >> On Thu, Aug 9, 2018 at 9:51 AM, keycloak demo <testoauth55 at gmail.com>
>> >> wrote:
>> >>
>> >>> Another update:
>> >>>
>> >>> Though the login form appears every time but if I login with a
>> different
>> >>> user the second time i.e. launch client app -> login with user1 ->
>> relaunch
>> >>> client app (browser shows login form instead of already logged in
>> message)
>> >>> -> now login with user2.
>> >>>
>> >>> I get following message:
>> >>> " We're sorry...You are already authenticated as different user
>> 'user1'
>> >>> in this session. Please logout first."
>> >>> If it's able to know another user is logged in, then why the login
>> form
>> >>> is appearing?
>> >>>
>> >>>
>> >>> On Tue, Jul 31, 2018 at 4:58 PM, Test Oauth <testoauth55 at gmail.com>
>> >>> wrote:
>> >>>
>> >>>> An update on my findings: When I checked developer console: I am
>> getting
>> >>>> KC_RESTART cookie in cookies section.
>> >>>>
>> >>>> On Tue, Jul 31, 2018 at 9:34 AM, Test Oauth <testoauth55 at gmail.com>
>> >>>> wrote:
>> >>>>
>> >>>>> Yes sir,
>> >>>>> I followed the doc
>> >>>>> https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter
>> >>>>> and am seeing the same behavior on Chrome and Firefox.
>> >>>>>
>> >>>>> Also regarding the manual mode, I see the same behavior i.e I have
>> to
>> >>>>> re-login for each re-run of the client app.
>> >>>>>
>> >>>>> But if I do this:
>> >>>>>
>> >>>>> System.out.println("Login through manual mode");
>> >>>>> keycloak.loginManual();
>> >>>>> System.out.println("Login through browser");
>> >>>>> keycloak.loginDesktop();
>> >>>>>
>> >>>>> i.e. if I call both modes in the same code or even same mode twice
>> in
>> >>>>> the same code, then I don't have to re-login for second call (in
>> the above
>> >>>>> example for loginDesktop). However when I re-run the application, I
>> need to
>> >>>>> re-login. This might be a stupid guess but could these sessions be
>> "java
>> >>>>> object specific"?
>> >>>>>
>> >>>>>
>> >>>>> On Tue, Jul 31, 2018 at 6:14 AM, Dmitry Telegin <dt at acutus.pro>
>> wrote:
>> >>>>>
>> >>>>>> Hi,
>> >>>>>>
>> >>>>>> Did you do everything in accordance with the docs?
>> >>>>>> https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter
>> >>>>>>
>> >>>>>> Do you experience this in "manual" mode too?
>> >>>>>>
>> >>>>>> Cheers,
>> >>>>>> Dmitry Telegin
>> >>>>>> CTO, Acutus s.r.o.
>> >>>>>> Keycloak Consulting and Training
>> >>>>>>
>> >>>>>> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
>> >>>>>> +42 (022) 888-30-71
>> >>>>>> E-mail: info at acutus.pro
>> >>>>>>
>> >>>>>> On Mon, 2018-07-30 at 16:08 +0530, Test Oauth wrote:
>> >>>>>>> I am using openid-connect for authenticating users. After
>> successful
>> >>>>>>> authentication, browser windows says:
>> >>>>>>> "Login Successful
>> >>>>>>>
>> >>>>>>> You may close this browser window and go back to your console
>> >>>>>> application."
>> >>>>>>> However, even without closing the window if I relaunch my
>> application
>> >>>>>>> (using keycloak.loginDesktop();) even within 10 seconds, still the
>> >>>>>> login
>> >>>>>>> page appears instead of : you are already logged in.
>> >>>>>>>
>> >>>>>>> Browser: Firefox.
>> >>>>>>> _______________________________________________
>> >>>>>>> keycloak-user mailing list
>> >>>>>>> keycloak-user at lists.jboss.org
>> >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>>>>
>>
>>
>>
>
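
A check for the symptom discussed in this thread, as an added example that is not part of the original messages or of Keycloak's code: it reads the `Set-Cookie` headers of a post-login response and reports whether KEYCLOAK_IDENTITY and KEYCLOAK_SESSION were actually set. The header values, the realm name `demo` and the function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Cookie names taken from the thread: these two carry the SSO session.
SSO_COOKIES = ("KEYCLOAK_IDENTITY", "KEYCLOAK_SESSION")

# Constructed sample: a response that sets both SSO cookies.
RESPONSE_WITH_SSO = [
    "KEYCLOAK_IDENTITY=constructed.jwt.value; Path=/auth/realms/demo; HttpOnly",
    "KEYCLOAK_SESSION=constructed-session-id; Path=/auth/realms/demo",
]
# Constructed sample: only KC_RESTART is present, as reported for 4.x.
RESPONSE_RESTART_ONLY = [
    "KC_RESTART=constructed.jwt.value; Path=/auth/realms/demo; HttpOnly",
]

def parse_set_cookie(headers):
    """Map cookie name -> Morsel; a later header for the same name wins."""
    jar = {}
    for value in headers:
        cookie = SimpleCookie()
        cookie.load(value)  # one Set-Cookie header value per call
        jar.update(cookie)
    return jar

def cookie_state(morsel):
    """Classify a cookie as missing, cleared (deletion header) or set."""
    if morsel is None:
        return "missing"
    if morsel.value == "" or morsel["max-age"] == "0":
        return "cleared"  # the server is removing the cookie, not setting it
    return "set"

def sso_report(headers):
    """Summarise whether the response leaves the browser with an SSO session."""
    jar = parse_set_cookie(headers)
    states = {name: cookie_state(jar.get(name)) for name in SSO_COOKIES}
    return {
        "states": states,
        "others": sorted(n for n in jar if n not in SSO_COOKIES),
        "sso_ready": all(s == "set" for s in states.values()),
    }

if __name__ == "__main__":
    for label, headers in (("with SSO cookies", RESPONSE_WITH_SSO),
                           ("KC_RESTART only", RESPONSE_RESTART_ONLY)):
        print(label, sso_report(headers))
```
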

