ahus1
commented
1 month ago From the docs:
For maximum idle expiration with clustered caches, last access time for entries is not always the same on all nodes. To ensure that entries have the same relative access times across clusters, Infinispan sends touch commands to all owners when keys are accessed.
Maybe it would be more efficient not to use maxIdle time at all, and instead use only max lifetime, as it wouldn't need to touch all owners on get.
Looking at the behavior of the client sessions, I wonder if and where an ickle query updates the last access time of an entry.
Describe the bug
(Ticket might later be moved to the Keycloak main repository)
We put user session into the cache with a max lifetime and an idle time. If we retrieve them, IMHO the idle time will be reset, and they will be removed once they are either idle or expired.
At the same time we're updating the entries whenever they are refreshed. So I wonder that the idle time should always be the same as the expiration time from the perspective of Infinispan. Keycloak will then on the next refresh update the lifetime and the expiry time with a new value.
This would also help us to prevent reading entries from the cache which then turn out to be expired from Keycloak's perspective.
Version
main
Expected behavior
Session entries in Infinispan should be removed when they are not refreshed - independent of when and how many times they are read from the cache.
Actual behavior
There is an idle time set to the refresh interval, and a max lifetime setting set to the maximum lifetime of the session.
How to Reproduce?
Look at the UI entries in the external Infinispan.
Anything else?
No response