Dont see /logout URL reference there so CAS is confused on where to redirectr after logout!!!
Lava Kafle Ms by Research in Computer Science Kathmandu University http://ku.edu.np cell: 9841224387 9801034557 On Fri, May 4, 2012 at 9:27 AM, elvis wang <elvise...@gmail.com> wrote: > On CAS Server, if I set cookieSecure attribute as false > in ticketGrantingTicketCookieGenerator.xml, > the CASTGC cookie could be deleted when logout. But user can still browse > the testing webapp without login again. > > <bean id="ticketGrantingTicketCookieGenerator" > class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" > p:cookieSecure="false" > p:cookieMaxAge="-1" > p:cookieName="CASTGC" > p:cookiePath="/cas" /> > > > 2012/5/4 elvis wang <elvise...@gmail.com> > >> Here is the web.xml of testing webapp, >> >> >> <filter> >> <filter-name>CAS Authentication Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >> <init-param> >> <param-name>casServerLoginUrl</param-name> >> <param-value>https://casserver-domain:8443/cas/login</param-value> >> </init-param> >> <init-param> >> <param-name>serverName</param-name> >> <param-value>http://elvis.cht.com.tw:8080</param-value> >> </init-param> >> <init-param> >> <param-name>renew</param-name> >> <param-value>false</param-value> >> </init-param> >> <init-param> >> <param-name>gateway</param-name> >> <param-value>false</param-value> >> </init-param> >> </filter> >> >> >> 2012/5/4 elvis wang <elvise...@gmail.com> >> >>> HTTPS, I think~ >>> >>> >>> 2012/5/4 elvis wang <elvise...@gmail.com> >>> >>>> Hi, Scott, >>>> >>>> HTTPS I thins~ >>>> >>>> My testing app: http, >>>> and CAS: https. >>>> >>>> >>>> 2012/5/4 Scott Battaglia <scott.battag...@gmail.com> >>>> >>>>> Did you log in over https or http? >>>>> >>>>> >>>>> On Thu, May 3, 2012 at 10:22 PM, elvis wang <elvise...@gmail.com>wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I just start to study/survey CAS solutions.... >>>>>> >>>>>> When user click 'logout' button from my testing webapp, the >>>>>> testing testapp redirect the request to the CAS logout url, >>>>>> https://cas-domain:8443/cas/logout?service=http://mywebapp, and >>>>>> CAS does shows logout successfully. >>>>>> >>>>>> However, I found the user is not really logout, he can still >>>>>> browse testing webapp pages, no needs to login again!! >>>>>> I ran CAS in debug mode and found that LogoutController cannot >>>>>> delete the CASTGC cookie because of the cookies in >>>>>> the request is null !! >>>>>> (LogoutController.handleRequestInternal()) >>>>>> >>>>>> Does anyone know how to solve the problem? >>>>>> >>>>>> CAS Server version: 3.4.2 >>>>>> CAS Client version: 3.2.1 >>>>>> >>>>>> >>>>>> Best regards, >>>>>> Elvis Wang. >>>>>> >>>>>> -- >>>>>> You are currently subscribed to cas-dev@lists.jasig.org as: >>>>>> scott.battag...@gmail.com >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> To unsubscribe, change settings or access archives, see >>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>>>>> >>>>>> >>>>> -- >>>>> You are currently subscribed to cas-dev@lists.jasig.org as: >>>>> elvise...@gmail.com >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Best Regard, >>>> ChihHung. >>>> >>> >>> >>> >>> -- >>> Best Regard, >>> ChihHung. >>> >> >> >> >> -- >> Best Regard, >> ChihHung. >> > > > > -- > Best Regard, > ChihHung. > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: lka...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
