[keycloak-user] Persistent sessions

Marek Posolda mposolda at redhat.com
Tue Nov 11 05:31:55 EST 2014

There are 2 things here. Adding "persistent-sessions" is needed to 
ensure that HTTP sessions of the applications, which are secured by 
Keycloak, will remain persistent. But Keycloak auth-server itself 
doesn't rely on Http sessions. So you also need to switch UserSession 
provider in keycloak-server.json to either 'jpa' or 'mongo' . Default 
provider is 'mem', which stores UserSessions just in memory and this 
doesn't support server restarts. With JPA or Mongo, UserSessions will be 
persistent, on the other hand there is performance penalty as each 
login,logout or refresh token will need to load and save user sessions 
data in DB.

 From 1.1.X there is also infinispan UserSession provider, which is not 
persistent by default, but you can use some infinispan addons 
(CacheStores/CacheLoaders) to ensure data are persistent.

Also note that upgrade from 1.0.X to 1.1.X will also drop existing 
UserSessions even if you have 'jpa' or 'mongo' as there is some change 
in format of UserSessions. But upgrade between minor versions (like from 
1.0.3 to 1.0.4) will probably work for you.


On 11.11.2014 01:52, Alarik Myrin wrote:
> When upgrading keycloak, I recently faced the problem that the upgrade 
> would essentially invalidate all the current user sessions. Has anyone 
> had any luck with using the <persistent-sessions/> tag in the wildfly 
> Undertow web subsystem to try and have user sessions survive a server 
> restart?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141111/4166fd82/attachment.html 

More information about the keycloak-user mailing list