On CAS Server, if I set cookieSecure attribute as false in ticketGrantingTicketCookieGenerator.xml, the CASTGC cookie could be deleted when logout. But user can still browse the testing webapp without login again.
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="false" p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas" /> 2012/5/4 elvis wang <elvise...@gmail.com> > Here is the web.xml of testing webapp, > > > <filter> > <filter-name>CAS Authentication Filter</filter-name> > > <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> > <init-param> > <param-name>casServerLoginUrl</param-name> > <param-value>https://casserver-domain:8443/cas/login</param-value> > </init-param> > <init-param> > <param-name>serverName</param-name> > <param-value>http://elvis.cht.com.tw:8080</param-value> > </init-param> > <init-param> > <param-name>renew</param-name> > <param-value>false</param-value> > </init-param> > <init-param> > <param-name>gateway</param-name> > <param-value>false</param-value> > </init-param> > </filter> > > > 2012/5/4 elvis wang <elvise...@gmail.com> > >> HTTPS, I think~ >> >> >> 2012/5/4 elvis wang <elvise...@gmail.com> >> >>> Hi, Scott, >>> >>> HTTPS I thins~ >>> >>> My testing app: http, >>> and CAS: https. >>> >>> >>> 2012/5/4 Scott Battaglia <scott.battag...@gmail.com> >>> >>>> Did you log in over https or http? >>>> >>>> >>>> On Thu, May 3, 2012 at 10:22 PM, elvis wang <elvise...@gmail.com>wrote: >>>> >>>>> Hi, >>>>> >>>>> I just start to study/survey CAS solutions.... >>>>> >>>>> When user click 'logout' button from my testing webapp, the >>>>> testing testapp redirect the request to the CAS logout url, >>>>> https://cas-domain:8443/cas/logout?service=http://mywebapp, and >>>>> CAS does shows logout successfully. >>>>> >>>>> However, I found the user is not really logout, he can still >>>>> browse testing webapp pages, no needs to login again!! >>>>> I ran CAS in debug mode and found that LogoutController cannot >>>>> delete the CASTGC cookie because of the cookies in >>>>> the request is null !! >>>>> (LogoutController.handleRequestInternal()) >>>>> >>>>> Does anyone know how to solve the problem? >>>>> >>>>> CAS Server version: 3.4.2 >>>>> CAS Client version: 3.2.1 >>>>> >>>>> >>>>> Best regards, >>>>> Elvis Wang. >>>>> >>>>> -- >>>>> You are currently subscribed to cas-dev@lists.jasig.org as: >>>>> scott.battag...@gmail.com >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>>>> >>>>> >>>> -- >>>> You are currently subscribed to cas-dev@lists.jasig.org as: >>>> elvise...@gmail.com >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>>> >>>> >>> >>> >>> -- >>> Best Regard, >>> ChihHung. >>> >> >> >> >> -- >> Best Regard, >> ChihHung. >> > > > > -- > Best Regard, > ChihHung. > -- Best Regard, ChihHung. -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
