Restarting an user session broken for persistent sessions

Fixes #43161 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2026-01-10 15:32:05 -03:30 · 2025-10-02 20:29:04 +01:00 · 2025-10-02 20:29:04 +01:00 · 4f24f93b85
commit 4f24f93b85
parent f7803ae041
3 changed files with 8 additions and 2 deletions
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java
@ -344,6 +344,9 @@ public class UserSessionAdapter<T extends SessionRefreshStore & UserSessionProvi

    @Override
    public void restartSession(RealmModel realm, UserModel user, String loginUsername, String ipAddress, String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId) {
+        // Sending a delete statement for each client session may have a performance impact.
+        // The update task will clear the entity.getClientSessions() set.
+        entity.getClientSessions().forEach(clientUUID -> this.clientSessionUpdateTx.addTask(new EmbeddedClientSessionKey(entity.getId(), clientUUID), Tasks.removeSync(offline)));
        UserSessionUpdateTask task = new UserSessionUpdateTask() {

            @Override
--- a/model/storage-private/src/main/java/org/keycloak/models/session/PersistentUserSessionAdapter.java
+++ b/model/storage-private/src/main/java/org/keycloak/models/session/PersistentUserSessionAdapter.java
@ -381,6 +381,7 @@ public class PersistentUserSessionAdapter implements OfflineUserSessionModel {

    public void setStarted(int started) {
        getData().setStarted(started);
+        model.setStarted(started);
    }

    public void setBrokerSessionId(String brokerSessionId) {
@ -466,12 +467,12 @@ public class PersistentUserSessionAdapter implements OfflineUserSessionModel {
            this.rememberMe = rememberMe;
        }

-        @Deprecated
+        @Deprecated(since = "26.5", forRemoval = true)
        public int getStarted() {
            return started;
        }

-        @Deprecated
+        @Deprecated(since = "26.5", forRemoval = true)
        public void setStarted(int started) {
            this.started = started;
        }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java
@ -526,6 +526,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
                kcSession.getContext().setRealm(r);
                r.setSsoSessionMaxLifespanRememberMe(r.getSsoSessionMaxLifespan() * 4);
                r.setSsoSessionIdleTimeoutRememberMe(r.getSsoSessionIdleTimeout() * 4);
+                r.setRememberMe(true);
            });

            // create an user session with remember-me enabled that is older than the default 'max lifespan' timeout but not older than the 'max lifespan remember-me' timeout.
@ -597,6 +598,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
                kcSession.getContext().setRealm(r);
                r.setSsoSessionMaxLifespanRememberMe(previousMaxLifespan);
                r.setSsoSessionIdleTimeoutRememberMe(previousMaxIdle);
+                r.setRememberMe(false);
            });
        }
    }