[keycloak-user] Persistent sessions
Marek Posolda
mposolda at redhat.com
Tue Nov 11 05:31:55 EST 2014
There are 2 things here. Adding "persistent-sessions" is needed to
ensure that HTTP sessions of the applications, which are secured by
Keycloak, will remain persistent. But Keycloak auth-server itself
doesn't rely on Http sessions. So you also need to switch UserSession
provider in keycloak-server.json to either 'jpa' or 'mongo' . Default
provider is 'mem', which stores UserSessions just in memory and this
doesn't support server restarts. With JPA or Mongo, UserSessions will be
persistent, on the other hand there is performance penalty as each
login,logout or refresh token will need to load and save user sessions
data in DB.
From 1.1.X there is also infinispan UserSession provider, which is not
persistent by default, but you can use some infinispan addons
(CacheStores/CacheLoaders) to ensure data are persistent.
Also note that upgrade from 1.0.X to 1.1.X will also drop existing
UserSessions even if you have 'jpa' or 'mongo' as there is some change
in format of UserSessions. But upgrade between minor versions (like from
1.0.3 to 1.0.4) will probably work for you.
Marek
On 11.11.2014 01:52, Alarik Myrin wrote:
> When upgrading keycloak, I recently faced the problem that the upgrade
> would essentially invalidate all the current user sessions. Has anyone
> had any luck with using the <persistent-sessions/> tag in the wildfly
> Undertow web subsystem to try and have user sessions survive a server
> restart?
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141111/4166fd82/attachment.html
More information about the keycloak-user
mailing list