Red Hat build of Keycloak / RHBK-3726

"Remember me" user sessions remain valid after "remember me" realm setting is disabled [GHI#43328]

      Before reporting an issue

      [x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      authentication

      Describe the bug

      Disabling the "remember me" switch in realm settings does not invalidate existing user sessions created with "remember me" selected. Sessions created while the "remember me" switch was enabled continue to use their extended lifetime.

      Version

      main

      Regression

      [ ] The issue is a regression

      Expected behavior

      User sessions created with "remember me" enabled should be invalidated when "remember me" is disabled in realm settings.

      Actual behavior

      User sessions created with "remember me" enabled are still valid when "remember me" is disabled in realm settings.

      How to Reproduce?

      • Enable "remember me" in realm settings
      • Log in to the account console, checking the "remember me" checkbox
      • Disable "remember me" in realm settings
      • Refresh the account console, the session is still valid

      Anything else?

      No response

              pvlha Pavel Vlha
              Keycloak Core Clients