Removing the extra two-minute window for persistent user sessions (#32660)

Closes #28418

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Alexander Schwartz
2024-09-09 09:28:48 +02:00
committed by GitHub
parent e1d5f0c871
commit b88ecc0237
7 changed files with 29 additions and 11 deletions


@@ -93,6 +93,8 @@ image:images/tokens-tab.png[Tokens Tab]
[NOTE]
====
The following logic is only applied if persistent user sessions are not active:
For idle timeouts, a two-minute window of time exists that the session is active. For example, when you have the timeout set to 30 minutes, it will be 32 minutes before the session expires.
This action is necessary for some scenarios in cluster and cross-data center environments where the token refreshes on one cluster node a short time before the expiration and the other cluster nodes incorrectly consider the session as expired because they have not yet received the message about a successful refresh from the refreshing node.
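Review bot: the new sentence added to the NOTE ends with a colon, but the text that follows starts a new sentence ("For idle timeouts, ..."), so the rendered paragraph reads "...are not active: For idle timeouts..."; a full stop ("...are not active.") reads better. Since readers of this page now have to know which mode their deployment is in, consider linking from the NOTE to where persistent user sessions are configured. The pre-existing wording "a two-minute window of time exists that the session is active" is also hard to parse; "the session stays active for two minutes beyond the configured idle timeout" says the same thing and matches the 30-minute/32-minute example that follows.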


@@ -246,6 +246,14 @@ Update your custom embedded Infinispan cache configuration file with configurati
For more details proceed to the https://www.keycloak.org/server/caching[Configuring distributed caches] guide.
= Grace period for idle sessions removed when persistent sessions are enabled
Previous versions of {project_name} added a grace period of two minutes to idle times of user and client sessions.
This was added due to a previous architecture where session refresh times were replicated asynchronously in a cluster.
With persistent user sessions, this is no longer necessary, and therefore the grace period is now removed.
To keep the old behavior, update your realm configuration and extend the session and client idle times by two minutes.
= Support for legacy `redirect_uri` parameter and SPI options has been removed
Previous versions of {project_name} had supported automatic logout of the user and redirecting to the application by opening logout endpoint URL such as
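Review bot: the migration note under "= Grace period for idle sessions removed when persistent sessions are enabled" tells administrators to extend idle times by two minutes "to keep the old behavior" without saying that leaving the configuration unchanged is the safer outcome: with the grace period gone, a session configured for 30 minutes now expires after 30 minutes instead of the 32 described in the sessions documentation on this page, so only deployments that depended on the longer effective lifetime need any change. Suggest phrasing it as "If you relied on the extra two minutes, extend the session and client idle times by two minutes; otherwise no change is needed." The note also does not say how to check whether persistent user sessions are enabled in a given deployment, which the reader needs in order to decide whether this section applies at all.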