Keycloak / KEYCLOAK-2741

Don't remove KEYCLOAK_REMEMBERME cookie when sso session expires.

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • None
    • 2.4.0.CR1
    • None
    • None

    Description

      When a user clicks "Remember me" on the login screen, we have a username "hint" provided by the KEYCLOAK_REMEMBERME cookie. IMO this cookie should be later deleted only when:

      • The user explicitly clicked on logout and manually logged himself out
      • The user clicks the "Login" button on the login screen without the rememberme checkbox checked

      IMO the KEYCLOAK_REMEMBERME cookie shouldn't be deleted when the SSO cookie is expired, which is the current behaviour and should be changed IMO.

      We can also add a new configuration option with some good default timeout for the KEYCLOAK_REMEMBERME cookie to expire (maybe one month is sufficient? Currently the timeout of the cookie is not configurable and is hardcoded to 1 year).

            People

              sthorger@redhat.com Stian Thorgersen
              mposolda@redhat.com Marek Posolda