From f3c393f53ee52ed59b25d3dccbe5470f1a497e89 Mon Sep 17 00:00:00 2001
From: Erik Jan de Wit <erikjan.dewit@gmail.com>
Date: Wed, 31 May 2023 21:25:20 +0200
Subject: [PATCH] use the "remember me" max time if set for expires (#20413)

fixes: #9264
---
 .../services/resources/account/SessionResource.java         | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/services/src/main/java/org/keycloak/services/resources/account/SessionResource.java b/services/src/main/java/org/keycloak/services/resources/account/SessionResource.java
index b9f701d840..cecf77872f 100755
--- a/services/src/main/java/org/keycloak/services/resources/account/SessionResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/account/SessionResource.java
@@ -32,6 +32,7 @@ import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.common.util.Time;
 import org.keycloak.device.DeviceActivityManager;
 import org.keycloak.models.AccountRoles;
 import org.keycloak.models.ClientModel;
@@ -160,7 +161,10 @@ public class SessionResource {
         sessionRep.setIpAddress(s.getIpAddress());
         sessionRep.setStarted(s.getStarted());
         sessionRep.setLastAccess(s.getLastSessionRefresh());
-        sessionRep.setExpires(s.getStarted() + realm.getSsoSessionMaxLifespan());
+        int maxLifespan = s.isRememberMe() && realm.getSsoSessionMaxLifespanRememberMe() > 0
+                ? realm.getSsoSessionMaxLifespanRememberMe() : realm.getSsoSessionMaxLifespan();
+        int expires = s.getStarted() + maxLifespan;
+        sessionRep.setExpires(expires);
         sessionRep.setBrowser(device.getBrowser());
 
         if (isCurrentSession(s)) {