[keycloak-dev] sticky sessions

Bill Burke bburke at redhat.com
Wed Dec 2 09:34:35 EST 2015


IMO, we need to highlight and document that when using a load balancer 
in a cluster, sticky sessions should be enabled.  We might even want to 
consider adding support for sticky sessions for the code2token flow. 
The obvious reason is performance.  Login can span multiple HTTP 
requests.  If you have N nodes in the cluster with no clustering you 
have the possibility of the same user being retrieved from the database 
N times.  One time for each authentication request (username/password, 
OTP page, required actions) and finally for the code 2 token request. 
Until I look into fixing it, the auth SPI does a few extra redirects 
right now too.

Code 2 token could simply have a callback URI so that the code 2 token 
request hits the same machine the code was created on.



-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
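
An added illustration of the argument in the message above (not code from the post or from Keycloak): a small Python simulation that counts database reads for one login under three routing policies. It assumes each node keeps a node-local user cache and that the load balancer is round-robin; the class and function names are hypothetical.

```python
import itertools

# Browser-driven steps of one login, as listed in the post. The final
# code-to-token request is sent by the client application's backend, so it
# carries no browser affinity cookie (standard authorization code flow).
BROWSER_STEPS = ["username/password", "OTP page", "required actions"]

class Node:
    """One cluster node with a node-local user cache (assumption)."""
    def __init__(self, name):
        self.name = name
        self.cache = set()
        self.db_loads = 0

    def handle(self, user):
        if user not in self.cache:       # cache miss -> database read
            self.db_loads += 1
            self.cache.add(user)

def simulate(n_nodes, mode):
    """Return total DB reads for one user's login under a routing mode.

    mode: "round_robin"     - no affinity at all
          "sticky"          - cookie affinity for browser requests only
          "sticky_callback" - as sticky, plus code-to-token routed back to
                              the node that created the code
    """
    nodes = [Node(f"node{i}") for i in range(n_nodes)]
    rr = itertools.cycle(nodes)          # deterministic round-robin balancer
    user = "alice"                       # constructed sample user
    pinned = None
    for _ in BROWSER_STEPS:
        if mode == "round_robin":
            node = next(rr)
        else:
            pinned = pinned or next(rr)  # first response sets the cookie
            node = pinned
        node.handle(user)
    issuer = node                        # node that created the code
    # Back-channel request: without a route back to the issuer, the
    # balancer simply picks the next node in rotation.
    target = issuer if mode == "sticky_callback" else next(rr)
    target.handle(user)
    return sum(n.db_loads for n in nodes)
```

With four nodes, `simulate(4, "round_robin")` reads the user four times, `"sticky"` twice (the token request lands on a cold node), and `"sticky_callback"` once.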

