Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Avoid deleting old client sessions #41548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ahus1 merged 2 commits into from
Aug 26, 2025
Merged

Avoid deleting old client sessions #41548

ahus1 merged 2 commits into from
Aug 26, 2025

Conversation

@ahus1
Copy link
Contributor

@ahus1 ahus1 commented Jul 30, 2025

If this is done concurrently, this can load to errors with Hibernate and its optimistic locking

Closes #41427

@ahus1
Avoid deleting old client sessions
3f08905 
If this is done concurrently, this can load to errors with Hibernate and its optimistic locking

Closes keycloak#41427

Signed-off-by: Alexander Schwartz <[email protected]>
@ahus1 ahus1 self-assigned this Jul 30, 2025
keycloak-github-bot[bot]
keycloak-github-bot bot reviewed Jul 30, 2025
View reviewed changes
Copy link

@keycloak-github-bot keycloak-github-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@keycloak-github-bot
Copy link

keycloak-github-bot bot commented Jul 30, 2025

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.federation.ldap.LDAPGroupMapperTest#test06_addingUserToNewKeycloakGroup

Keycloak CI - Base IT (5)

java.lang.AssertionError
	at org.junit.Assert.fail(Assert.java:87)
	at org.junit.Assert.assertTrue(Assert.java:42)
	at org.junit.Assert.assertTrue(Assert.java:53)
	at org.keycloak.testsuite.federation.ldap.LDAPGroupMapperTest.lambda$test06_addingUserToNewKeycloakGroup$26a8868a$3(LDAPGroupMapperTest.java:656)
...

Report flaky test

@ahus1 ahus1 marked this pull request as ready for review July 31, 2025 06:51
@ahus1 ahus1 requested review from a team as code owners July 31, 2025 06:51
@ahus1 ahus1 marked this pull request as draft July 31, 2025 06:52
@ahus1
Copy link
Contributor Author

ahus1 commented Aug 1, 2025

@lbilger - I've pushed a change that will skip the deletion. Can you give this change a try in a local build?

I might need some more time to come up with a local test in our test suite ... this might happen also only when an item is no longer in the cache?

@ahus1 ahus1 marked this pull request as ready for review August 25, 2025 15:34
@ahus1
Copy link
Contributor Author

ahus1 commented Aug 25, 2025

@pruivo - please give it a review when you have the time. I can't think of a good way to add a test for this, and I would hope the existing tests should suffice for that. Let's hear what you think of this. Thanks!

@pruivo
Copy link
Member

pruivo commented Aug 25, 2025

@ahus1 it looks fine to me as it seems a waste of queries/operation to remove expired sessions (the remove expired task will take care of it)

@lbilger
Copy link

lbilger commented Aug 25, 2025

Hi @ahus1, some days ago I have deployed a locally-built version of Keycloak including your fix to one of our environments and haven't seen this error there since. So to me it looks like your fix is working. Looking forward to see it merged and released. Thanks a lot for your help!

pruivo
pruivo previously approved these changes Aug 25, 2025
View reviewed changes
@pruivo
Copy link
Member

pruivo commented Aug 25, 2025

@ahus1 if it is ok, may you fix it here too?

keycloak/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java

Lines 411 to 416 in 9322d71

AuthenticatedClientSessionAdapter clientAdapter = importClientSession((UserSessionAdapter<?>) userSession, clientSession, getTransaction(true),
getClientSessionTransaction(true), true);
if (clientAdapter == null) {
persister.removeClientSession(userSession.getId(), client.getId(), true);
}

@ahus1
Rework
2571da6 
Signed-off-by: Alexander Schwartz <[email protected]>
@ahus1 ahus1 requested a review from pruivo August 26, 2025 05:56
@ahus1
Copy link
Contributor Author

ahus1 commented Aug 26, 2025

@pruivo - thanks, I reworked the PR. Please re-review.

pruivo
pruivo approved these changes Aug 26, 2025
View reviewed changes
Copy link
Member

@pruivo pruivo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ahus1 ahus1 merged commit 36cbbbc into keycloak:main Aug 26, 2025
76 checks passed
@marcusdacoregio marcusdacoregio mentioned this pull request Sep 2, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pruivo pruivo pruivo approved these changes

+1 more reviewer

@keycloak-github-bot keycloak-github-bot[bot] keycloak-github-bot[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@ahus1 ahus1

Labels

flaky-test team/sre

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Parallel token exchange fails if client session is expired

3 participants

@ahus1 @pruivo @lbilger