Keycloak AuthenticationFlowContext context - Session value


I’ve created a custom brower login provider which extends UsernamePasswordForm to include a Captcha button like the option that’s in place on the Keycloak registration setup, it’s loosely based on this one but with various modifications:

All is working well with it but I want to add one addition that saves to session the fact that the user has completed the Captcha once so that they don’t need to submit it again until their next browser visit (eg if they get their password wrong but the captcha correct, they don’t have to do the Captcha again until the next time they open their browser).

I’ve tried this using the KeycloakSession object on the AuthenticationFlowContext, eg:

KeycloakSession session = context.getSession();
session.setAttribute("LOGIN_RECAPTCHA_PASSED", true);

But this session value doesn’t seem to persist for future visits (eg a page refresh or another postback after the first one), when using session.getAttribute("LOGIN_RECAPTCHA_PASSED") the value isn’t maintained - is this going to be possible? I was hoping to do this in session so that it can’t be tampered with and the fact that it can be held until the user comes back in future visits.

Hopefully that makes sense.