Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-4863

Invalidate existing user sessions at logon

    XMLWordPrintable

Details

    • Enhancement
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 3.0.0.Final
    • None
    • None

    Description

      Currently a user can log into multiple client application sessions across many devices.

      This may lead the user to believe that any existing sessions are no longer active as credentials are required each time whilst any previous sessions remain open for the duration of the access token. This is especially true if the user does not complete a system logoff, i.e. would simply close down a web browser.

      It would be useful to be able to secure the system further by providing a Realm or Client level configuration option to Invalidate Existing User Sessions at Logon

      Attachments

        Issue Links

          duplicates

          Feature Request - Feature requests from customers and/or users KEYCLOAK-849 Enhance configurable session limits

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              Unassigned Unassigned
              lellwood75 Leigh Ellwood (Inactive)
              Votes:
              4 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: