Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-4863

Invalidate existing user sessions at logon

    XMLWordPrintable

Details

    • Enhancement
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 3.0.0.Final
    • None
    • None

    Description

      Currently a user can log into multiple client application sessions across many devices.

      This may lead the user to believe that any existing sessions are no longer active as credentials are required each time whilst any previous sessions remain open for the duration of the access token. This is especially true if the user does not complete a system logoff, i.e. would simply close down a web browser.

      It would be useful to be able to secure the system further by providing a Realm or Client level configuration option to Invalidate Existing User Sessions at Logon

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              lellwood75 Leigh Ellwood (Inactive)
              Votes:
              4 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: