Hi @SnapPetal, this ticket is mostly a duplicate of 14511. In short, we will not be able to connect the OIDC session with the client session; they work differently. Therefore, this cannot be included in Spring Session. At the same time, it makes sense to implement JdbcOidcSessionRegistry within the framework of Spring Security. This can be quite a time-consuming task, and the community will thank you so much if you open a PR :)
For a Redis-based implementation, the easiest way is to make a simple implementation, for example, OidcSessionRegistryImpl, together with Spring Cache; this way you can achieve the behavior you need.
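Added example, not part of the thread and not Spring Security's own code: one way a shared registry could look, so that a back-channel logout received by any node ends the session on all of them. It uses `RedisTemplate` directly rather than Spring Cache, because removal by logout token needs lookups by `sid` and by subject. The class name and key names are hypothetical, and it assumes a `RedisTemplate<String, Object>` with default JDK serialization, Spring Data Redis 2.6+ and a Redis server that supports `GETDEL` (6.2+).

```java
import java.util.*;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken;
import org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation;
import org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

public final class RedisOidcSessionRegistry implements OidcSessionRegistry {
    // Hypothetical key names; this class is an added example, not Spring Security code.
    private static final String SESSION = "oidc:session:", SID = "oidc:sid:", SUB = "oidc:sub:";
    private final RedisTemplate<String, Object> redis; // assumed: default JDK serialization
    public RedisOidcSessionRegistry(RedisTemplate<String, Object> redis) { this.redis = redis; }

    @Override
    public void saveSessionInformation(OidcSessionInformation info) {
        redis.opsForValue().set(SESSION + info.getSessionId(), info);
        for (String index : indexKeys(info.getPrincipal())) redis.opsForSet().add(index, info.getSessionId());
    }

    @Override
    public OidcSessionInformation removeSessionInformation(String clientSessionId) {
        Object stored = redis.opsForValue().getAndDelete(SESSION + clientSessionId);
        if (!(stored instanceof OidcSessionInformation info)) return null;
        for (String index : indexKeys(info.getPrincipal())) redis.opsForSet().remove(index, clientSessionId);
        return info;
    }

    @Override
    public Iterable<OidcSessionInformation> removeSessionInformation(OidcLogoutToken token) {
        // Look up by provider session id (sid) when the logout token has one, else by subject.
        // Only sessions whose ID token audience overlaps the logout token's audience are ended.
        String index = (token.getSessionId() != null) ? SID + token.getIssuer() + "|" + token.getSessionId()
                : SUB + token.getIssuer() + "|" + token.getSubject();
        List<OidcSessionInformation> removed = new ArrayList<>();
        Set<Object> ids = redis.opsForSet().members(index);
        if (ids == null) return removed;
        for (Object id : ids) {
            Object stored = redis.opsForValue().get(SESSION + id);
            if (!(stored instanceof OidcSessionInformation info)) continue; // stale index entry
            List<String> aud = info.getPrincipal().getAudience();
            boolean match = aud != null && !Collections.disjoint(aud, token.getAudience());
            if (match && removeSessionInformation((String) id) != null) removed.add(info);
        }
        return removed;
    }

    private static List<String> indexKeys(OidcUser user) {
        String sid = user.getClaimAsString("sid"); // absent if the provider issues no sid
        String sub = SUB + user.getIssuer() + "|" + user.getSubject();
        return (sid == null) ? List.of(sub) : List.of(sub, SID + user.getIssuer() + "|" + sid);
    }
}
```

The writes here are not atomic and the keys carry no TTL, so a production version needs expiry aligned with the HTTP session timeout. Because values are JDK-serialized, the Redis instance has to be trusted to the same degree as the application itself.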
We have two nodes using Spring Security with session information stored in Redis. However, the OIDC session is managed by an InMemoryRegistry, leading to issues with back-channel logout, where only one node processes it and the other retains session info.
Can we store the OIDC session in Redis as well? If possible, we should update the documentation to clarify this for others. I’d like to understand why the current setup is implemented this way.
Expected Behavior
The OidcSessionInformation class should include a mixin for JSON serialization to Redis, which will support clustered servers with OIDC back-channel logout enabled.
Current Behavior
Only the InMemoryOidcSessionRegistry is permitted, and it does not support OIDC back-channel logout for clustered servers that use Redis session storage in Spring Security.
Context