[keycloak-dev] ClientSessions may never be removed

Stian Thorgersen stian at redhat.com
Wed Oct 29 14:03:00 EDT 2014


Looks like it's only Mongo and JPA that's doing this, while both mem and Infinispan are not.

I reckon we just fix it for mem and Infinispan, there's not really any need for two separate methods.

----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>, "keycloak dev" <keycloak-dev at lists.jboss.org>
> Sent: Wednesday, 29 October, 2014 5:28:10 PM
> Subject: Re: [keycloak-dev] ClientSessions may never be removed
> 
> Right now we are already doing the cleanup of expired ClientSessions in
> UserSessionProvider.removeExpiredUserSessions() for mem, jpa and mongo
> providers.
> 
> So it seems that only one missing is InfinispanUserSessionProvider.
> 
> Maybe it's better to introduce new method on UserSessionProvider like
> "removeExpiredClientSessions()" and move the removal of expired client
> sessions there? Or we can keep as it is and just fix the infinispan
> provider? Not sure which possibility is better.
> 
> Marek
> 
> On 29.10.2014 16:23, Stian Thorgersen wrote:
> > As new client sessions are initially detached there's a chance they are
> > never linked to a user session (for example user closes browser when login
> > page is displayed). These client sessions are never removed. I reckon we
> > need to have a similar garbage collection of client sessions as we do for
> > user sessions.
> >
> > https://issues.jboss.org/browse/KEYCLOAK-788
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 
> 


More information about the keycloak-dev mailing list