This repository has been archived by the owner on Dec 7, 2020. It is now read-only.
As a user I have a lot of assigned groups, so my access token can have more than 4093 bytes. Also, token encryption adds some additional bytes. The problem is that the (encrypted) access/refresh token is stored in a cookie (kc-access/kc-state), and the browser may have a problem writing more than 4093 bytes per single cookie. This results in an infinite loop of issuing access tokens between keycloak-proxy and the IDP, because the cookie value is not available.
Solution:
If the length of the cookie data for the kc-access cookie is larger than 4093 bytes, then set more cookies in the browser (kc_access, kc-access-1, kc-access-2, ...), so that a single cookie stores at most 4093 bytes. Also, when keycloak-proxy reads the kc-access cookie, it will read all cookies with the prefix kc-access_ and combine them into one value internally.
jangaraj changed the title from "Problem with kc-access cookie, which has more than 4093 bytes" to "Problem with kc-access/kc-state cookie, which has more than 4093 bytes" on Sep 19, 2017
Reference for the constant 4093 - http://browsercookielimits.squawky.net/.
Any better ideas how to solve this browser cookie size limit?
WIP: master...jangaraj:divided-access-cookie
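The split-and-recombine approach described in the issue, as an added Go example that is not taken from keycloak-proxy or the WIP branch. The function names and the `maxChunks` bound of 8 are assumptions, chunk names follow the `kc-access`, `kc-access-1`, ... pattern from the issue, and the cookie values in `main` are constructed. Callers should pass a chunk size below 4093, because the cookie name and attributes also count toward the browser's per-cookie limit.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

const maxChunks = 8 // assumed bound on cookies written and read back

// chunkName yields "kc-access", "kc-access-1", "kc-access-2", ...
func chunkName(base string, i int) string {
	return strings.TrimSuffix(fmt.Sprintf("%s-%d", base, i), "-0")
}

// SplitCookie caps each value at size bytes and expires the unused (stale) indexes.
func SplitCookie(base, value string, size int) (out []*http.Cookie, err error) {
	if size <= 0 || len(value) > size*maxChunks {
		return nil, fmt.Errorf("%d-byte token exceeds the chunk budget", len(value))
	}
	for i := 0; i < maxChunks; i++ {
		c := &http.Cookie{Name: chunkName(base, i), Path: "/", HttpOnly: true, Secure: true}
		n := len(value)
		if n > size {
			n = size
		}
		if n == 0 {
			c.MaxAge = -1 // delete a stale chunk so it is never appended to a newer token
		}
		c.Value, value = value[:n], value[n:]
		out = append(out, c)
	}
	return out, nil
}

// JoinCookie concatenates chunks in index order and stops at the first gap.
func JoinCookie(r *http.Request, base string) (v string) {
	for i := 0; i < maxChunks; i++ {
		c, err := r.Cookie(chunkName(base, i))
		if err != nil {
			return v
		}
		v += c.Value
	}
	return v
}

func main() {
	fmt.Println(JoinCookie(&http.Request{Header: http.Header{"Cookie": {"kc-access=ab; kc-access-1=cd"}}}, "kc-access"))
}
```

Expiring the unused indexes matters when a token shrinks between logins: without it, a leftover `kc-access-2` from the previous session would be glued onto the new value and the proxy would fail to decrypt it.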