Details
diff --git a/docbook/reference/en/en-US/modules/application-clustering.xml b/docbook/reference/en/en-US/modules/application-clustering.xml
index 0406522..c4246d2 100644
--- a/docbook/reference/en/en-US/modules/application-clustering.xml
+++ b/docbook/reference/en/en-US/modules/application-clustering.xml
@@ -65,8 +65,15 @@
</programlisting>
</para>
<para>
- Default value of <literal>token-store</literal> is <literal>session</literal>, hence saving data in HTTP session. One disadvantage of cookie store is,
- that whole info about account is passed in cookie KEYCLOAK_ADAPTER_STATE in each HTTP request. Hence it's not the best for network performance.
+ Default value of <literal>token-store</literal> is <literal>session</literal>, hence saving data in HTTP session.
+ </para>
+ <para>
+ One limitation of cookie store is, that whole info about account is passed in cookie KEYCLOAK_ADAPTER_STATE in each HTTP request.
+ Hence it's not the best for network performance.
+ Another small limitation is limited support for Single-Sign out. It works without issues if you init servlet logout (HttpServletRequest.logout)
+ from this application itself as the adapter will delete the KEYCLOAK_ADAPTER_STATE cookie. But back-channel logout initialized from different application can't be
+ propagated by Keycloak to this application with cookie store. Hence it's recommended to use very short value of access token
+ timeout (1 minute for example).
</para>
</section>
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/CookieTokenStore.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/CookieTokenStore.java
index 526756d..f5e145f 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/CookieTokenStore.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/CookieTokenStore.java
@@ -18,7 +18,7 @@ import org.keycloak.util.KeycloakUriBuilder;
public class CookieTokenStore {
private static final Logger log = Logger.getLogger(CookieTokenStore.class);
- private static final String DELIM = "@";
+ private static final String DELIM = "___";
public static void setTokenCookie(KeycloakDeployment deployment, HttpFacade facade, RefreshableKeycloakSecurityContext session) {
log.debugf("Set new %s cookie now", AdapterConstants.KEYCLOAK_ADAPTER_STATE_COOKIE);
diff --git a/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java b/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java
index 784a1fa..c30bd3a 100755
--- a/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java
+++ b/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java
@@ -119,7 +119,7 @@ public class CatalinaHttpFacade implements HttpFacade {
@Override
public void resetCookie(String name, String path) {
- setCookie(name, "", null, path, 0, false, false);
+ setCookie(name, "", path, null, 0, false, false);
}
@Override
