Can someone please explain the cookies set by Keycloak: KEYCLOAK_SESSION, Oauth_token_request_state, KEYCLOAK_IDENTITY?
What is the relevance of each cookie?
pbattino The KEYCLOAK_SESSION cookie basically implies that there might be an active session in Keycloak – which does not mean the session is active in the browser as well, which is represented by KEYCLOAK_IDENTITY, therefore independent of KEYCLOAK_SESSION.
I was going through Keycloak cookies, and specifically KC_RESTART. While reading the link Keycloak Authentication flow, I found that KC_RESTART will be used to re-create the authentication flow when the browser root session is expired.
They are cookies for internal use of Keycloak.
KEYCLOAK_IDENTITY contains a token (JWT) with the user ids. You can view its content using jwt.io (for example). This cookie lives with your browser session and can also be refreshed with SSO (for example, if you change some of your personal data in "Manage my account").
KEYCLOAK_SESSION is your session ID associated with the concerned realm.
Oauth_token_request_state is part of the OAuth spec, in order to avoid hacking of the redirect link after login.
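As an added example (not part of the original answer and not Keycloak's own code), the JWT carried in KEYCLOAK_IDENTITY can be decoded locally, so a live session token never has to be pasted into a web site. The cookie header, token and claim values below are constructed, the `sub` and `exp` claim names are assumed from the JWT standard rather than taken from the page, and the signature is not verified.

```python
import base64
import json
import time
from http.cookies import SimpleCookie
from typing import Optional


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt_unverified(token: str):
    """Return (header, claims) of a compact JWT WITHOUT checking its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def inspect_identity_cookie(cookie_header: str, now: Optional[float] = None) -> dict:
    """Pull KEYCLOAK_IDENTITY out of a Cookie header and summarise its JWT."""
    cookies = SimpleCookie()
    cookies.load(cookie_header)
    if "KEYCLOAK_IDENTITY" not in cookies:
        raise KeyError("KEYCLOAK_IDENTITY cookie not present")
    header, claims = decode_jwt_unverified(cookies["KEYCLOAK_IDENTITY"].value)
    now = time.time() if now is None else now
    exp = claims.get("exp")  # assumed standard claim: expiry as a Unix timestamp
    return {"alg": header.get("alg"), "subject": claims.get("sub"),
            "expired": exp is not None and exp < now, "claims": claims}


def make_sample_cookie_header() -> str:
    # Constructed sample only: not a real Keycloak token, signature is a dummy.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url_encode(
        json.dumps({"sub": "constructed-user-id", "exp": 1700000000}).encode())
    token = f"{header}.{claims}.{b64url_encode(b'constructed-signature')}"
    return f"KEYCLOAK_IDENTITY={token}; KEYCLOAK_SESSION=constructed-session-value"


if __name__ == "__main__":
    print(json.dumps(inspect_identity_cookie(make_sample_cookie_header()), indent=2))
```

Because the payload is only base64url-encoded, anyone holding the cookie can read these claims; the signature is what protects it from modification, not from reading.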