Can anyone tell me how Java sessions are managed relative to the servlet adapter? As we are switching over from JSESSIONID-based authentication to Keycloak, we have other non-security based services that are using @SessionScoped beans. While we can continue to reflect JSESSIONID are there any cases with Keycloak will invalidate and/or switch the HttpSession from request to request? Thanks, Craig ================================= *Craig Setera* *Chief Technology Officer*