[keycloak-dev] ClientSessions may never be removed
Marek Posolda
mposolda at redhat.com
Wed Oct 29 12:28:10 EDT 2014
Right now we are already doing the cleanup of expired ClientSessions in
UserSessionProvider.removeExpiredUserSessions() for mem, jpa and mongo
providers.
So it seems that only one missing is InfinispanUserSessionProvider.
Maybe it's better to introduce new method on UserSessionProvider like
"removeExpiredClientSessions()" and move the removal of expired client
sessions there? Or we can keep as it is and just fix the infinispan
provider? Not sure which possibility is better.
Marek
On 29.10.2014 16:23, Stian Thorgersen wrote:
> As new client sessions are initially detached there's a chance they are never linked to a user session (for example user closes browser when login page is displayed). These client sessions are never removed. I reckon we need to have a similar garbage collection of client sessions as we do for user sessions.
>
> https://issues.jboss.org/browse/KEYCLOAK-788
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list