You're actually getting two cookies. The original one created on login, and during logout, one is being created with an extra "/", thus you end up with two cookies instead of the original one being overwritten with an empty value.
Does anything different happen if you don't send the "url" parameter? (it shouldn't but it helps to strip it down to the minimum). On Wed, Dec 19, 2012 at 8:27 AM, Mckenzie J <mck2...@gmail.com> wrote: > No the cookie sent does not have a path . i rechecked or domain. there > is no typo:( > > On Wed, Dec 19, 2012 at 6:00 PM, Scott Battaglia > <scott.battag...@gmail.com> wrote: > > According to this your cookies have two different paths: > > > > CASTGC > > > TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org > > /cas-server-webapp-3.5.1 End Of Session > > > > CASTGC "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT > > > > Their paths should have been constructed the same way. Is that a typo on > > your end? > > > > > > > > On Wed, Dec 19, 2012 at 1:12 AM, Mckenzie J <mck2...@gmail.com> wrote: > >> > >> Hi, > >> > >> We are successfully able to logout of CAS . But We are in the process > of a > >> seamles redirection of the CAS logout to the application again. We are > also > >> able to achieve this as configuring the url parameter of the /cas/logout > >> pointing to the application URL. > >> > >> Our spring has been configured with the service URL as > >> https://APPURL/j_spring_cas_security_check for ServiceProperties and > refered > >> by the casProcessingFilterEntryPoint.So the request is further > redirected to > >> the CAS Loginpage configured as the loginurl in the spring.xml. > >> > >> A strange thing i notice is with the cookies in the Http Fox that shows > >> calling of the /cas/logout as below > >> Cookie sent : > >> > >> CASTGC > >> > TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org > >> End Of Session > >> > >> Cookie Recieved: > >> > >> CASTGC > >> > TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org > >> /cas-server-webapp-3.5.1 End Of Session > >> > >> CASTGC "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT > >> > >> CASPRIVACY "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT > >> > >> There is a redirect to /login Page of CAS after this ,which shows > >> existence of the CASTGC cookie still in the browser, which ideally > should > >> not be. I am not sure why this redirection to /login page happens and > also I > >> suppose this might be a cause of issue. To trace the flow , I debugged > CAS > >> and I could see the following exception > >> java.lang.IllegalStateException: No active FlowSession to access; this > >> FlowExecution has ended > >> > >> It looks like the InitialFlowSetupAction is either not setting the > >> configured service in Flowscope or there is some problem due to the > call of > >> /login page which interrupts the flow. > >> > >> I am looking for the solution for the following: > >> > >> 1. Is there any workaround so that i need not close my browser after > >> logging out, which will givem a seamless experience. > >> > >> 2. Does the LogoutController invoked at call of /logout clear the > cookies > >> even in the browser side as well. if so what is that i am missing which > >> makes me see the cookie still there. > >> > >> Please provide guidance. I have attached the spring config we are using. > >> If there needs any change please suggest. > >> > >> Thanks, > >> Mckenzie > >> > >> > >> > >> Regards, > >> Mckenzie > >> -- > >> You are currently subscribed to cas-dev@lists.jasig.org as: > >> scott.battag...@gmail.com > >> > >> To unsubscribe, change settings or access archives, see > >> http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > > > -- > > You are currently subscribed to cas-dev@lists.jasig.org as: > > mck2...@gmail.com > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > scott.battag...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
