From 69466777c0a5b523eb2caa9b8bb607401831aea1 Mon Sep 17 00:00:00 2001 From: Marek Posolda Date: Wed, 27 Sep 2023 15:14:52 +0200 Subject: [PATCH] Clarify transient sessions documentation (#23328) Closes #23044 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> --- .../server_admin/topics/sessions/transient.adoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/documentation/server_admin/topics/sessions/transient.adoc b/docs/documentation/server_admin/topics/sessions/transient.adoc index 1d80586ee9..f6e3478393 100644 --- a/docs/documentation/server_admin/topics/sessions/transient.adoc +++ b/docs/documentation/server_admin/topics/sessions/transient.adoc @@ -5,5 +5,9 @@ You can conduct transient sessions in {project_name}. When using transient sessions, {project_name} does not create a user session after successful authentication. {project_name} creates a temporary, transient session for the scope of the current request that successfully authenticates the user. {project_name} can run <<_protocol-mappers, protocol mappers>> using transient sessions after authentication. -During transient sessions, the client application cannot refresh tokens, introspect tokens, or validate a specific session. Sometimes these actions are unnecessary, so you can avoid the additional resource use of persisting user sessions. This session saves performance, memory, and network communication (in cluster and cross-data center environments) resources. +The `sid` and `session_state` of the tokens are usually empty when the token is issued with transient sessions. So during transient sessions, the client application cannot refresh tokens or validate a specific session. +Sometimes these actions are unnecessary, so you can avoid the additional resource use of persisting user sessions. This session saves performance, memory, and network communication (in cluster and cross-data center environments) resources. + +At this moment, transient sessions are automatically used just during <<_service_accounts, service account authentication>> with disabled token refresh. Note that token refresh is +automatically disabled during service account authentication unless explicitly enabled by client switch `Use refresh tokens for client credentials grant`.