[keycloak-user] Tomcat session timeout using spring-security adapter
Ken Haendel
khaendel at ehotel.de
Wed Feb 20 05:11:01 EST 2019
Hello Keycloak users,
I want to secure a web-app using tomcat and the spring-security adapter.
Since the token timeout values are configured in the Keycloak,
1.
to which value should i set the tomcat session timeout to not interfere
with the keycloak token timeouts.
Currently my settings in web.xml are:
<session-config>
<!-- must be set to infinite for keycloak ??? -->
<session-timeout>-1</session-timeout>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
and
2.
is there a disadvantage to use indefinite sessions?
Thank you in advance and kind regards,
Ken
-------------- next part --------------
A non-text attachment was scrubbed...
Name: khaendel.vcf
Type: text/x-vcard
Size: 185 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190220/02dc3516/attachment.vcf
More information about the keycloak-user
mailing list