Restarting an user session broken for persistent sessions

Fixes #43161 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2026-01-09 23:12:06 -03:30 · 2025-10-03 18:27:57 +01:00 · 2025-10-03 18:27:57 +01:00 · 92d9fcfbac
commit 92d9fcfbac
parent 17f0f969b7
3 changed files with 9 additions and 2 deletions
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java
@ -363,6 +363,10 @@ public class UserSessionAdapter<T extends SessionRefreshStore & UserSessionProvi

    @Override
    public void restartSession(RealmModel realm, UserModel user, String loginUsername, String ipAddress, String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId) {
+        // Sending a delete statement for each client session may have a performance impact.
+        // The update task will clear the entity.getAuthenticatedClientSessions().
+        entity.getAuthenticatedClientSessions()
+                .forEach((ignored, clientSessionId) -> this.clientSessionUpdateTx.addTask(clientSessionId, Tasks.removeSync(offline)));
        UserSessionUpdateTask task = new UserSessionUpdateTask() {

            @Override
--- a/model/storage-private/src/main/java/org/keycloak/models/session/PersistentUserSessionAdapter.java
+++ b/model/storage-private/src/main/java/org/keycloak/models/session/PersistentUserSessionAdapter.java
@ -377,6 +377,7 @@ public class PersistentUserSessionAdapter implements OfflineUserSessionModel {

    public void setStarted(int started) {
        getData().setStarted(started);
+        model.setStarted(started);
    }

    public void setBrokerSessionId(String brokerSessionId) {
@ -458,12 +459,12 @@ public class PersistentUserSessionAdapter implements OfflineUserSessionModel {
            this.rememberMe = rememberMe;
        }

-        @Deprecated
+        @Deprecated(since = "26.5", forRemoval = true)
        public int getStarted() {
            return started;
        }

-        @Deprecated
+        @Deprecated(since = "26.5", forRemoval = true)
        public void setStarted(int started) {
            this.started = started;
        }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java
@ -526,6 +526,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
                kcSession.getContext().setRealm(r);
                r.setSsoSessionMaxLifespanRememberMe(r.getSsoSessionMaxLifespan() * 4);
                r.setSsoSessionIdleTimeoutRememberMe(r.getSsoSessionIdleTimeout() * 4);
+                r.setRememberMe(true);
            });

            // create an user session with remember-me enabled that is older than the default 'max lifespan' timeout but not older than the 'max lifespan remember-me' timeout.
@ -597,6 +598,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
                kcSession.getContext().setRealm(r);
                r.setSsoSessionMaxLifespanRememberMe(previousMaxLifespan);
                r.setSsoSessionIdleTimeoutRememberMe(previousMaxIdle);
+                r.setRememberMe(false);
            });
        }
    }