Hi, When using keycloak-servlet-filter-adapter, we saw that the http session expires at the same time the keycloak sso idle timeout occurs. Going through the code in OIDCSessionFilterStore, those lines seems to be the cause: // Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session //log.fine("Cleanup and expire session " + httpSession.getId() + " after failed refresh"); cleanSession(httpSession); httpSession.invalidate(); Is there a way to have different timeouts between the 2 ? We may want to keep the session alive in our app for longer than in keycloak (to be the same as the servlet container in our case). Cédric