What is the exact use of storing user session in Infinispan cache in a Keycloak cluster?

Time:11-21

I'm new to Keycloak. Sorry, if it's a noob question.

Suppose we have a Keycloak cluster and we have a distributed cache, known as Infinispan.

When a user logs in, I believe, a user session and current authentication session is stored in the cache?

How are the access token and that session correlated?

Access tokens have their own expiry date. Sessions can't be used for validating either.

Is user session and authentication session only used for refresh tokens?

I don't exactly know the point of storing them and how is it of any use?

CodePudding user response:

Yes, there are a lot of things going on here.

After a user authenticates, the client is given some tokens (access/refresh/ID...).

But where should the tokens be stored? One option that some frameworks do, is to put them in the session cookie and use session cookies to remember the user and keep him signed-in.

An alternative is to store them in some cache/DB and just use a key to retrieve the tokens. The key can then be stored in the session cookie.

The received ID-token is typically used to create a cookie-based user session, to remember the user between page-loads in the browser.

The access token is only used to access APIs from the client and it can be stored inside the cookie or in the backend or some other "store".
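
The cache-plus-key option described in the answer above, as an added example that is not part of the original thread and is not Keycloak or Infinispan code: the tokens stay server-side and the cookie carries only an opaque random key. `TokenStore`, the `sid` cookie name and the token strings are assumptions made up for illustration, and a plain dict stands in for the cache/DB.

```python
import secrets
import time
from http.cookies import SimpleCookie


class TokenStore:
    """In-memory stand-in for the cache/DB: opaque session key -> token set."""

    def __init__(self, ttl_seconds=1800, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # key -> (expires_at, tokens)

    def create(self, tokens):
        # The key is pure randomness; it encodes nothing about the user or tokens.
        key = secrets.token_urlsafe(32)
        self._entries[key] = (self._clock() + self._ttl, dict(tokens))
        return key

    def lookup(self, key):
        entry = self._entries.get(key)
        if entry is None:
            return None
        expires_at, tokens = entry
        if self._clock() >= expires_at:
            # Expired sessions are dropped so the key can never be reused.
            del self._entries[key]
            return None
        return tokens

    def revoke(self, key):
        # Logout: deleting the entry invalidates the cookie immediately.
        self._entries.pop(key, None)


def session_cookie_header(key, name="sid"):
    """Build the Set-Cookie value; only the key leaves the server."""
    cookie = SimpleCookie()
    cookie[name] = key
    cookie[name]["httponly"] = True   # not readable from page scripts
    cookie[name]["secure"] = True     # sent over HTTPS only
    cookie[name]["samesite"] = "Lax"
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()


def key_from_cookie_header(header, name="sid"):
    """Extract the session key from an incoming Cookie request header."""
    cookie = SimpleCookie()
    cookie.load(header)
    return cookie[name].value if name in cookie else None
```

With this layout, revoking or expiring the server-side entry ends the browser session even if the cookie is still present, which is not possible when the tokens themselves live in the cookie.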
