I am trying to set up Keycloak SSO with a Drupal project, and I am having some trouble with session expiration.
Keycloak has two types of sessions:
- a user session associated with the KEYCLOAK_SESSION cookie
- a client session associated with the KEYCLOAK_IDENTITY cookie (associated with a Keycloak client specific to Drupal)
Drupal has its own session that it creates after Keycloak login, with its own expiration.
Now, when a user signs in without 'remember me' checked, the user session (KEYCLOAK_SESSION) has an expiration date, while the client session (KEYCLOAK_IDENTITY) lasts until the user's browser is closed.
When the user comes back, we'd like him to be logged out, but he can still read his Keycloak information because the user session is still alive.
So how can we set up Keycloak so that the user session is also ended when the browser is closed?
If we set "Session SSO Max" to 0, the session ends instantly and we can't log in at all. (Keycloak 23.0.6)