[keycloak-user] Session already invalidated
Amat, Juan (Nokia - US)
juan.amat at nokia.com
Tue Mar 14 12:20:51 EDT 2017
> >
> > Another thing is, that in the last mail of the thread you referenced,
> > it's mentioned that there is bug in undertow. It will be fixed in undertow
> 1.4.7.Final.
> > So once it's possible to have Wildfly upgraded to this version, it
> > won't be needed to have try/catch block anymore.
> [JA]
> Can you point me to the undertow ticket? I seem to remember reading some
> ticket where they wanted to fix a similar issue but decided against as anyway
> there is a still a time window when the session can be invalidated by another
> thread.
[JA] I probably got confused I was referring to this ticket: https://issues.jboss.org/browse/UNDERTOW-909
And indeed it was fixed in 1.4.7.Final. Not sure if this the same use case.
In any case, ideally for me, Keycloak could have a 'invalidateSessionOnLogout' flag (as undertow has).
By default it could be set to 'true' to keep the existing behavior but then applications could change it.
More information about the keycloak-user
mailing list