There are 2 things here. Adding
"persistent-sessions" is needed to ensure that HTTP sessions of
the applications, which are secured by Keycloak, will remain
persistent. But Keycloak auth-server itself doesn't rely on Http
sessions. So you also need to switch UserSession provider in
keycloak-server.json to either 'jpa' or 'mongo' . Default provider
is 'mem', which stores UserSessions just in memory and this
doesn't support server restarts. With JPA or Mongo, UserSessions
will be persistent, on the other hand there is performance penalty
as each login,logout or refresh token will need to load and save
user sessions data in DB.
From 1.1.X there is also infinispan UserSession provider, which is
not persistent by default, but you can use some infinispan addons
(CacheStores/CacheLoaders) to ensure data are persistent.
Also note that upgrade from 1.0.X to 1.1.X will also drop existing
UserSessions even if you have 'jpa' or 'mongo' as there is some
change in format of UserSessions. But upgrade between minor
versions (like from 1.0.3 to 1.0.4) will probably work for you.
Marek
On 11.11.2014 01:52, Alarik Myrin wrote:
When upgrading keycloak, I recently faced the
problem that the upgrade would essentially invalidate all the
current user sessions. Has anyone had any luck with using
the <persistent-sessions/> tag in the wildfly Undertow web
subsystem to try and have user sessions survive a server
restart?
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user