[keycloak-dev] Admin API: Delete session id

Eivind Larsen eivind at jotta.no
Mon Jun 25 03:50:45 EDT 2018


Hi Keycloak Devs!

In the admin API there is a call to delete a session by ID:

DELETE /{realm}/sessions/{session_id}

This works for user (online) sessions, but when given the session ID of an
offline session, it gives a 404 error and nothing is deleted.

Seeing as this is the only way to delete a given session by id,
I would expect the call to work for offline sessions as well,
ideally deleting both the user session and the offline session by this id.

What do you think?

Is there an alternative way to delete an offline session by id?

I think it would be more useful if this call was scoped per user.
Currently you have to load all user sessions, verify that this session ID
is indeed owned by the user, then call delete. Scoping per user would make
it impossible to delete a wrong user's session, and it would reduce
requests to the Keycloak instance.

Best Regards,
Eivind Larsen
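
The list, verify, delete sequence described in the message above, as an added example that is not part of the original post or Keycloak's own code. The `/{realm}/users/{user_id}/sessions` listing path, the injected `http` callable and the `FakeKeycloak` stand-in are assumptions made for illustration.

```python
# Added example: verify session ownership before deleting a session by ID.
# The transport is an injected callable (assumption) so the logic runs offline
# against a constructed fake instead of a live Keycloak instance.

class NotOwner(Exception):
    """The session ID is not among the given user's sessions."""

def delete_user_session(http, realm, user_id, session_id):
    """http(method, path) -> (status, json_body). Returns the DELETE status."""
    # Request 1: load the user's sessions (listing path is an assumption).
    status, sessions = http("GET", f"/{realm}/users/{user_id}/sessions")
    if status != 200:
        raise RuntimeError(f"listing sessions failed: {status}")
    if session_id not in {s["id"] for s in sessions}:
        raise NotOwner(session_id)  # never delete on an unverified ID
    # Request 2: the realm-wide delete call quoted in the message.
    status, _ = http("DELETE", f"/{realm}/sessions/{session_id}")
    return status

class FakeKeycloak:
    """Constructed stand-in that only knows online sessions."""
    def __init__(self, online):
        self.online = dict(online)  # {session_id: user_id}, constructed data
        self.calls = 0              # counts requests made by the caller

    def __call__(self, method, path):
        self.calls += 1
        parts = path.strip("/").split("/")
        if method == "GET" and parts[1] == "users" and parts[3] == "sessions":
            return 200, [{"id": sid, "userId": uid}
                         for sid, uid in self.online.items() if uid == parts[2]]
        if method == "DELETE" and parts[1] == "sessions":
            found = self.online.pop(parts[2], None)
            return (204, None) if found else (404, None)
        return 404, None

if __name__ == "__main__":
    kc = FakeKeycloak({"s1": "alice", "s2": "bob"})
    print(delete_user_session(kc, "demo", "alice", "s1"))
    try:
        delete_user_session(kc, "demo", "alice", "s2")
    except NotOwner as exc:
        print("refused, not alice's session:", exc)
```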

