Kc_session Secure flag

a_k_1234 · December 10, 2021, 12:13pm

Hi!

I set in realm configuration Require SSL: all requests, and all Keycloak cookies now have Secure flag, except kc_session cookie.

KEYCLOAK_SESSION cookie is not marked HttpOnly and is used by our iframe to detect if the user is logged in still

Is “kc_session” name of “KEYCLOAK_SESSION” cookie?
“kc_session” isn’t marked with Secure flag, as it is necessary to iframe?

Keycloak version 15.0.2

Topic		Replies	Views
How to set the secure flag for cookie KEYCLOAK_SESSION	2	7669	September 28, 2021
Cookie secure flag not applied using "external requests" in "SSL required" parameter Getting advice	0	386	June 7, 2022
Cookie Security Configuring the server	0	1038	March 24, 2021
Cookie does not contain secure/HTTPOnly attribute Securing applications	0	906	January 11, 2021
Keycloak 9.0.0 - Cookies are not being sent with SameSite=None by the server Configuring the server admin-console , authentication	5	8303	August 10, 2020