[prev in list] [next in list] [prev in thread] [next in thread] 

List:       keycloak-dev
Subject:    [keycloak-dev] regarding expired sessions and token life-span
From:       bburke () redhat ! com (Bill Burke)
Date:       2017-09-29 13:49:26
Message-ID: CABRXCmzGr0FYJS0qyUAVc0wi3YQNZF=8RnNF2P+TX6t35eKjQw () mail ! gmail ! com
[Download RAW message or body]

TLDR; only offline tokens require database storage.

We have regular tokens and offline tokens.  We do not store regular
tokens in memory or on disk.  Instead, we have the concept of a login
session (UserSessionModel) which hold metadata about the login.  These
sessions are stored in memory and within a distributed cache if in a
cluster.  Access and Refresh tokens are minted, digitally signed and
validated and created against metadata within the login session.

Offline tokens are very long lived and thus require their login
session being persisted in a database.



On Thu, Sep 28, 2017 at 9:05 AM, Kishan Sagathiya <ksagathi at redhat.com> wrote:
> Hi,
> I am trying to figure out how Keycloak deals with expired sessions and how
> token lifespan affects Keycloak database size and performance.
> But I dont understand the directory structure and where to find the
> relevant code.
> If someone could give some pointers regarding this that would be great
> Thanks :)
>
> -Kishan Sagathiya
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



-- 
Bill Burke
Red Hat

[prev in list] [next in list] [prev in thread] [next in thread]