[keycloak-dev] regarding expired sessions and token life-span

Bill Burke bburke at redhat.com
Fri Sep 29 09:49:26 EDT 2017


TLDR; only offline tokens require database storage.

We have regular tokens and offline tokens.  We do not store regular
tokens in memory or on disk.  Instead, we have the concept of a login
session (UserSessionModel) which hold metadata about the login.  These
sessions are stored in memory and within a distributed cache if in a
cluster.  Access and Refresh tokens are minted, digitally signed and
validated and created against metadata within the login session.

Offline tokens are very long lived and thus require their login
session being persisted in a database.



On Thu, Sep 28, 2017 at 9:05 AM, Kishan Sagathiya <ksagathi at redhat.com> wrote:
> Hi,
> I am trying to figure out how Keycloak deals with expired sessions and how
> token lifespan affects Keycloak database size and performance.
> But I dont understand the directory structure and where to find the
> relevant code.
> If someone could give some pointers regarding this that would be great
> Thanks :)
>
> -Kishan Sagathiya
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



-- 
Bill Burke
Red Hat


More information about the keycloak-dev mailing list