As long as the token is refreshed Keycloak sees it as an active user. Simplest option would be to make your app stop doing the background requests after a while, which would result in in the session timing out. It could also trigger a logout of the user from the application itself. Alternatively we could potentially do something like having adding a proprietary option to the refresh request to prevent it being seen as "user activity", but I'm less keen on that since it'd be non-standard OIDC. On 7 September 2016 at 12:41, sheishere b <sheishere48(a)gmail.com&gt; wrote: > We have node js integrated with keycloak & keycloak is running as a > service in jboss. > There are many http requests being sent from browser to server in the > background as part of auto refresh of some tables. > So if user has opened browser & remains inactive; in the background many > requests are made. Keycloak will never detect inactivity & hence session > will never be invalidated after session inactivity timeout. > Is there a way in keycloak to ignore such background requests from being > considered for session alive scenarios? > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >