Closed
Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
authentication
Describe the bug
Assume that example.com is secured by Keycloak.
Without a Keycloak session, opening example.com/path1 and example.com/path2 in two tabs redirects both tabs to the Keycloak login page.
After allowing the login timeout to lapse, logging in redirects both tabs to the same url.
Version
26.0.7, 25.0.6
Regression
- The issue is a regression
Expected behavior
Both tabs get redirected to their respective url.
Actual behavior
Both tabs are redirected to the url for which the login was initiated last.
How to Reproduce?
Assume that example.com is secured by Keycloak.
Without an active Keycloak session:
- in tab 1, call example.com/path1, redirect to Keycloak login
- in tab 2, call example.com/path2, redirect to Keycloak login
- wait for the login timeout to expire
- in tab 1, initiate login, the timeout warning is shown, log in
- both tab 1 and tab 2 are redirected to example.com/path2
Anything else?
This behavior was tested in Firefox, Chromium, Chrome.
Session settings:
SSO Session Idle and SSO Session Max: 20 min
SSO Session Idle Remember Me and SSO Session Max Remember Me: 18 hours
Login timeout: 5 min
Login action timeout: 5 min