<div dir="ltr">As long as the token is refreshed Keycloak sees it as an active user. Simplest option would be to make your app stop doing the background requests after a while, which would result in in the session timing out. It could also trigger a logout of the user from the application itself. Alternatively we could potentially do something like having adding a proprietary option to the refresh request to prevent it being seen as "user activity", but I'm less keen on that since it'd be non-standard OIDC.</div><div class="gmail_extra"><br><div class="gmail_quote">On 7 September 2016 at 12:41, sheishere b <span dir="ltr"><<a href="mailto:sheishere48@gmail.com" target="_blank">sheishere48@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>We have node js integrated with keycloak & keycloak is running as a service in jboss.</div><div>There are many http requests being sent from browser to server in the background as part of auto refresh of some tables.</div><div>So if user has opened browser & remains inactive; in the background many requests are made. Keycloak will never detect inactivity & hence session will never be invalidated after session inactivity timeout.</div><div>Is there a way in keycloak to ignore such background requests from being considered for session alive scenarios?</div><div><br></div></div>
<br>______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>