Merge pull request #487 from stianst/master
KEYCLOAK-501 Check if old session for browser exists and delete before c...
This commit is contained in:
commit
436f5f6229
3 changed files with 19 additions and 5 deletions
@ -389,9 +389,9 @@ var Keycloak = function (config) {
|
|||
if (token) {
|
||||
kc.token = token;
|
||||
kc.tokenParsed = JSON.parse(decodeURIComponent(escape(window.atob( token.split('.')[1] ))));
|
||||
var sessionId = kc.realm + '-' + kc.tokenParsed.sub;
|
||||
var sessionId = kc.realm + '/' + kc.tokenParsed.sub;
|
||||
if (kc.tokenParsed.session_state) {
|
||||
sessionId = sessionId + '-' + kc.tokenParsed.session_state;
|
||||
sessionId = sessionId + '/' + kc.tokenParsed.session_state;
|
||||
}
|
||||
kc.sessionId = sessionId;
|
||||
kc.authenticated = true;
|
||||
|
|
|
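Review bot: The `kc.sessionId` string assembled here is a client-side copy of the server's KEYCLOAK_SESSION_COOKIE value, and the server now parses that cookie by splitting on `/`, so the separator and segment order in these two lines are a contract rather than a formatting choice; nothing in the hunk records that. Add above the first assignment: `// Must mirror the KEYCLOAK_SESSION_COOKIE format written by AuthenticationManager: realm/userId[/session_state]`. The enclosing `Keycloak` function starts and ends outside the hunk.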
@ -111,12 +111,13 @@ public class AuthenticationManager {
|
|||
CookieHelper.addCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, cookiePath, null, null, maxAge, secureOnly, true);
|
||||
//builder.cookie(new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly));// todo httponly , true);
|
||||
|
||||
String sessionCookieValue = realm.getName() + "-" + user.getId();
|
||||
String sessionCookieValue = realm.getName() + "/" + user.getId();
|
||||
if (session != null) {
|
||||
sessionCookieValue += "-" + session.getId();
|
||||
sessionCookieValue += "/" + session.getId();
|
||||
}
|
||||
// THIS SHOULD NOT BE A HTTPONLY COOKIE! It is used for OpenID Connect Iframe Session support!
|
||||
CookieHelper.addCookie(KEYCLOAK_SESSION_COOKIE, sessionCookieValue, cookiePath, null, null, maxAge, secureOnly, false);
|
||||
// Max age should be set to the max lifespan of the session as it's used to invalidate old-sessions on re-login
|
||||
CookieHelper.addCookie(KEYCLOAK_SESSION_COOKIE, sessionCookieValue, cookiePath, null, null, realm.getSsoSessionMaxLifespan(), secureOnly, false);
|
||||
|
||||
}
|
||||
|
||||
|
|
|
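Review bot: The session cookie's lifetime is now `realm.getSsoSessionMaxLifespan()` while the identity cookie written a few lines above keeps `maxAge`, so a cookie that is deliberately readable by page scripts (see the comment kept in the hunk) can now carry the session id after the identity cookie is gone and after the server-side session may already have been removed; the comment added in the hunk explains the purpose but not this consequence. Whether `getSsoSessionMaxLifespan()` is in the seconds unit `addCookie` expects cannot be confirmed from this hunk and is worth a check. Extend the added comment to something like `// Max age is the SSO session max lifespan (seconds) so re-login can find and invalidate the old session; the cookie may therefore outlive both the identity cookie and the server-side session, and readers must tolerate an unknown session id.` The enclosing method begins before the hunk.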
@ -99,6 +99,19 @@ public class OAuthFlows {
|
|||
Response.ResponseBuilder location = Response.status(302).location(redirectUri.build());
|
||||
Cookie remember = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
|
||||
rememberMe = rememberMe || remember != null;
|
||||
|
||||
Cookie sessionCookie = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_SESSION_COOKIE);
|
||||
if (sessionCookie != null) {
|
||||
String oldSessionId = sessionCookie.getValue().split("/")[2];
|
||||
if (!oldSessionId.equals(session.getId())) {
|
||||
UserSessionModel oldSession = realm.getUserSession(oldSessionId);
|
||||
if (oldSession != null) {
|
||||
log.debugv("Removing old user session: session: {0}", oldSessionId);
|
||||
realm.removeUserSession(oldSession);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// refresh the cookies!
|
||||
authManager.createLoginCookie(realm, accessCode.getUser(), session, uriInfo, rememberMe);
|
||||
if (rememberMe) authManager.createRememberMeCookie(realm, uriInfo);
|
||||
|
|
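Review bot: `sessionCookie.getValue().split("/")[2]` indexes a client-supplied cookie without checking its shape, so a cookie with fewer than three segments — one written by AuthenticationManager when `session` was null, one left over from the previous `-`-separated format, or one edited in the browser — throws ArrayIndexOutOfBoundsException and turns the login redirect into a server error. Guard the shape before using it: `String[] parts = sessionCookie.getValue().split("/");` and `if (parts.length == 3 && !parts[2].equals(session.getId())) {` with `parts[2]` used as `oldSessionId`. Since the id comes from the client, it would also be prudent to confirm that the looked-up old session belongs to the user being logged in (if UserSessionModel exposes its user, compare it with `accessCode.getUser()`) before calling `removeUserSession`, and to log the removal at debug level only as the hunk already does. The enclosing method starts and ends outside the hunk.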