Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-788

ClientSessions may never be removed

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Done
    • None
    • 1.1.0.Beta1
    • None
    • None

    Description

      If a user opens the login page and doesn't login we're left with a ClientSessionModel that is never deleted. This will slowly over time fill up the memory.

      This is also a potential DoS attack.

      Attachments

        Activity

          People

            mposolda@redhat.com Marek Posolda
            sthorger@redhat.com Stian Thorgersen
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: