I don't think you can necessarily know that user A has a second session as user B. You could compare the source IP addresses (stored as an attribute in the Authentication object)... perhaps go through the ticketRegistry and find all the TGTs with the same IP address and expire and remove them (when you expire a TGT, it will perform single-sign-out, which is the best you can do to revoke a session derived from a TGT). But that's going to annoy users who are behind a common NAT and thus share the same IP address.
________________________________
From: Nguyen Dao Ngoc Anh [harryp...@gmail.com]
Sent: Friday, October 11, 2013 3:25 AM
To: cas-dev@lists.jasig.org
Subject: [cas-dev] How to invalidate overrided TGC cookies

Hi guys,

I'm new to CAS and SSO. I'm developing a system that includes multiple applications and I have a problem with the scenario below:

My system has 2 web applications: APP1 and APP2.
I open the login forms of both APP1 and APP2 in 2 different tabs of a browser (e.g. Mozilla Firefox) but do not log in yet.
I enter a user name and password on the login form of APP1. CAS validates my account successfully and redirects the browser to APP1.
Then I enter another valid account on the login form of APP2. CAS also accepts my request and redirects the browser to APP2.

In this case, the CASTGC cookie from the CAS server for the first account is overridden, but APP1 never knows that the login session of the first account has expired. So my first account in APP1 is still able to do everything.

My question is how to make CAS expire the overridden CASTGC cookie and notify every service of that account (like logging out the account of the overridden cookie).

Please give me some suggestions to solve this problem.

Thanks and best regards,
--
Nguyen Dao Ngoc Anh (Mr.)
email: harryp...@gmail.com
anh...@live.com
phone: (+84)947265787

--
You are currently subscribed to cas-dev@lists.jasig.org as: nsa...@silverspringnet.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
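
The sweep suggested in the reply at the top of this thread, as an added example that is not part of the original messages and does not use the CAS API. It is a toy in-memory model (the `TGT` class, `sweep_on_login` and all sample addresses are constructed for illustration, and it assumes the client IP was recorded at login) showing that matching on source IP also signs out an unrelated user behind the same NAT.

```python
from dataclasses import dataclass, field


@dataclass
class TGT:
    """Hypothetical stand-in for a ticket-granting ticket; not a CAS class."""
    id: str
    principal: str
    client_ip: str  # assumption: stored as an authentication attribute at login
    services: list = field(default_factory=list)  # services issued tickets from this TGT
    expired: bool = False

    def expire(self, logout_log):
        # Expiring a TGT is what triggers single sign-out to its services.
        self.expired = True
        for svc in self.services:
            logout_log.append((svc, self.principal))


def sweep_on_login(registry, new_tgt):
    """Expire and remove every other TGT that shares new_tgt's source IP.

    Returns the (service, principal) logout notifications that were sent.
    """
    logout_log = []
    for tgt_id, tgt in list(registry.items()):
        if tgt_id != new_tgt.id and tgt.client_ip == new_tgt.client_ip:
            tgt.expire(logout_log)
            del registry[tgt_id]
    registry[new_tgt.id] = new_tgt
    return logout_log


def demo():
    # Constructed sample data: 203.0.113.7 plays the role of a shared NAT address.
    registry = {
        "TGT-1": TGT("TGT-1", "userA", "203.0.113.7", ["APP1"]),
        "TGT-2": TGT("TGT-2", "carol", "203.0.113.7", ["APP2"]),  # other person, same NAT
        "TGT-3": TGT("TGT-3", "dave", "198.51.100.20", ["APP1"]),
    }
    # Same browser logs in again as userB through the APP2 login form.
    new = TGT("TGT-4", "userB", "203.0.113.7", ["APP2"])
    log = sweep_on_login(registry, new)
    return log, sorted(registry)


if __name__ == "__main__":
    print(demo())
```

userA's stale APP1 session is revoked as intended, but carol is signed out of APP2 as well because only the IP address was compared.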