Re: [keycloak-dev] User sessions added

User sessions have been added. In summary when a user logs in a new session is created (and persisted in the model). The identity cookie as well as all tokens/refresh-tokens are associated with a session. When a user logs out the session is invalidated (removed from the model), which invalidates the identity cookie and all tokens/refresh-tokens. There's two related issues left to do: * Make sure adapters only log out a specific session (if LoginAction contains a session id) * Allow a user to log out all sessions through the account management console Also, we may want some mechanism to retrieve the status of a session from applications. This could be a REST endpoint, or the crazy iframe technique from OpenID Connect. I think this can be postponed to after 1.0 though. _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev