TLDR; only offline tokens require database storage.
We have regular tokens and offline tokens. We do not store regular
tokens in memory or on disk. Instead, we have the concept of a login
session (UserSessionModel) which holds metadata about the login. These
sessions are stored in memory and within a distributed cache if in a
cluster. Access and Refresh tokens are minted, digitally signed and
validated and created against metadata within the login session.
Offline tokens are very long lived and thus require their login
session to be persisted in a database.
On Thu, Sep 28, 2017 at 9:05 AM, Kishan Sagathiya <ksagathi(a)redhat.com> wrote:
Hi,
I am trying to figure out how Keycloak deals with expired sessions and how
token lifespan affects Keycloak database size and performance.
But I don't understand the directory structure and where to find the
relevant code.
If someone could give some pointers regarding this that would be great.
Thanks :)
-Kishan Sagathiya
--
Bill Burke
Red Hat
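
The storage model described in the reply above, as an added sketch that is not part of the original message and is not Keycloak code: tokens are signed and never stored, validation checks the signature and then looks up the login session, and only offline sessions go to the database. All names are hypothetical, HMAC stands in for the server's digital signature, and restart() is an assumed way to show the cache being lost.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = b"constructed-demo-key"   # constructed signing key, not a real secret
memory_sessions = {}            # stands in for the in-memory / distributed cache
db_sessions = {}                # stands in for the database (offline sessions only)

def _sign(body: bytes) -> bytes:
    return base64.urlsafe_b64encode(hmac.new(KEY, body, hashlib.sha256).digest())

def login(user, offline=False, lifespan=300, now=None):
    """Create a login session and mint a signed token; the token itself is not stored."""
    now = time.time() if now is None else now
    sid = secrets.token_hex(8)
    store = db_sessions if offline else memory_sessions
    store[sid] = {"user": user, "offline": offline}   # session metadata only
    body = json.dumps({"sid": sid, "offline": offline, "exp": now + lifespan}).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def validate(token, now=None):
    """Return the user if the signature, expiry and login session all check out."""
    now = time.time() if now is None else now
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
    except ValueError:
        return None                                   # malformed token
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return None                                   # forged or altered token
    claims = json.loads(body)
    if claims["exp"] <= now:
        return None                                   # lifespan exceeded
    store = db_sessions if claims["offline"] else memory_sessions
    session = store.get(claims["sid"])                # no session, no access
    return session["user"] if session else None

def restart():
    """Simulate losing the cache: regular sessions vanish, the database survives."""
    memory_sessions.clear()
```

Removing a session entry invalidates every token minted against it without any per-token record, which is why token lifespan alone does not grow the database in this model.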