Configurable session limits bug on chrome & edge

keycloak / keycloak

Open Source Identity and Access Management For Modern Applications and Services

https://www.keycloak.org

Apache License 2.0

23.43k stars 6.77k forks source link

Configurable session limits bug on chrome & edge #14197

Closed gabisonia closed 1 year ago

gabisonia commented 2 years ago

Describe the bug

I have configured session limit in Keycloak and it works only on firefox.

Version

18.0.0

Expected behavior

When I try to sign in using same user I should be logged out.

Actual behavior

I'm still signed in and session is active.

How to Reproduce?

Authentication -> Flows -> New Flow -> Add execution -> User Session Count Limiter

And set Maximum concurrent sessions for each user within this realm to 1.

Use chrome or edge.

Anything else?

No response

lexcao commented 2 years ago

Hi, @gabisonia From the docs

Note that the user session limits should be added to your bound Browser flow, Direct grant flow, Reset credentials and also to any Post broker login flow. Currently, the administrator is responsible for maintaining consistency between the different configurations.

Different from your reproduce steps, could you please try following the docs?

gabisonia commented 2 years ago

Hi @lexcao Thanks for the answer, is there any other way to implement it in version 18.0.0?

lexcao commented 2 years ago

Hi @gabisonia Here is the same docs of version 18.0

mposolda commented 1 year ago

@lexcao Thanks for answering this question. I am closing as this does not look like a valid bug.