When authenticating from the KeyCloak login page, it passes the session code as a query param. Is there a way to avoid this and pass the session code in a different manner (e.g. as a header param)?
POST https://xxx/auth/realms/xxx/login-actions/authenticate?session_code=xxxxxxxxx&execution=xxxxxx&client_id=xxx&tab_id=xxxx HTTP/1.1
There is no way to prevent that other than modifying the source code. Why do you think it is a security vulnerability? The session code is used for CSRF (cross-site request forgery) protection. The actual session identifier is stored in browser cookies.
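To illustrate the answer's point, here is an added example (not Keycloak's own code; the store and function names are hypothetical) of a CSRF code bound to a cookie-held session: the code in the query string is only accepted together with the cookie it was issued for, so on its own it does not identify or authenticate anyone.

```python
import hmac
import secrets

# Constructed server-side store: cookie session id -> auth-session state.
# (Hypothetical; stands in for whatever the real server keeps per session.)
SESSIONS = {}


def start_auth_session():
    """Issue a cookie session id plus a per-session CSRF code (the 'session_code')."""
    sid = secrets.token_urlsafe(32)          # goes into the browser cookie
    code = secrets.token_urlsafe(32)         # goes into the form action / query string
    SESSIONS[sid] = {"session_code": code}
    return sid, code


def authenticate(cookie_sid, query_session_code):
    """Accept the POST only when the cookie and the session_code belong to the same session.

    Returns a short result string so the outcome of each case is visible.
    """
    sess = SESSIONS.get(cookie_sid)
    if sess is None:
        # No (or unknown) session cookie: a leaked session_code alone gets nowhere.
        return "rejected: no session cookie"
    if query_session_code is None or not hmac.compare_digest(
        sess["session_code"], query_session_code
    ):
        # Cookie present but the CSRF code does not match: cross-site forgery blocked.
        return "rejected: session_code mismatch"
    return "ok"


if __name__ == "__main__":
    sid, code = start_auth_session()
    print(authenticate(sid, code))       # ok
    print(authenticate("", code))        # rejected: no session cookie
    print(authenticate(sid, "forged"))   # rejected: session_code mismatch
```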