[keycloak-user] session inactivity; ignoring auto refresh requests
Stian Thorgersen
sthorger at redhat.com
Thu Sep 8 02:38:06 EDT 2016
As long as the token is refreshed Keycloak sees it as an active user.
Simplest option would be to make your app stop doing the background
requests after a while, which would result in in the session timing out. It
could also trigger a logout of the user from the application itself.
Alternatively we could potentially do something like having adding a
proprietary option to the refresh request to prevent it being seen as "user
activity", but I'm less keen on that since it'd be non-standard OIDC.
On 7 September 2016 at 12:41, sheishere b <sheishere48 at gmail.com> wrote:
> We have node js integrated with keycloak & keycloak is running as a
> service in jboss.
> There are many http requests being sent from browser to server in the
> background as part of auto refresh of some tables.
> So if user has opened browser & remains inactive; in the background many
> requests are made. Keycloak will never detect inactivity & hence session
> will never be invalidated after session inactivity timeout.
> Is there a way in keycloak to ignore such background requests from being
> considered for session alive scenarios?
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160908/1a6d9df5/attachment-0001.html
More information about the keycloak-user
mailing list