There are 2 things here. Adding "persistent-sessions" is needed to
ensure that HTTP sessions of the applications, which are secured by
Keycloak, will remain persistent. But Keycloak auth-server itself
doesn't rely on Http sessions. So you also need to switch UserSession
provider in keycloak-server.json to either 'jpa' or 'mongo' . Default
provider is 'mem', which stores UserSessions just in memory and this
doesn't support server restarts. With JPA or Mongo, UserSessions will be
persistent, on the other hand there is performance penalty as each
login,logout or refresh token will need to load and save user sessions
data in DB.
From 1.1.X there is also infinispan UserSession provider, which is not
persistent by default, but you can use some infinispan addons
(CacheStores/CacheLoaders) to ensure data are persistent.
Also note that upgrade from 1.0.X to 1.1.X will also drop existing
UserSessions even if you have 'jpa' or 'mongo' as there is some change
in format of UserSessions. But upgrade between minor versions (like from
1.0.3 to 1.0.4) will probably work for you.
Marek
On 11.11.2014 01:52, Alarik Myrin wrote:
When upgrading keycloak, I recently faced the problem that the
upgrade
would essentially invalidate all the current user sessions. Has anyone
had any luck with using the <persistent-sessions/> tag in the wildfly
Undertow web subsystem to try and have user sessions survive a server
restart?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user