Hi there, After upgrading from tomcat 7.0.59 to 7.0.67. I observed that, for some web app. and on Chrome, the final service ticket validation endpoint returns a set-cookie, with a different CASSESSION ID, therefore, the subsequent GET on the application URL goes back to the CAS login page.
The problem is that it only happens for _some_ web app and only see this on _Chrome_. It works correctly for Firefox. That does not mean it is a browser side issue, because the root problem is that CAS Server is issuing a new CAS SESSION ID when the endpoint is called for service ticket validation. Then, subsequent application specific GET request results in 302 and going back to CAS login page. When it works correctly on Firefox, the final service ticket validation returns 302, subsequent application specific GET request returns 200 and user enters into the application. We are using JAAS login and experienced this problem on both CAS 3.5.2 and CAS 4.1.4. CAS is built using overlay and runs on one single tomcat instance. Is there any debugging suggestion you can provide, such as set a breakpoint in CAS and see what is different for the working and non-working scenarios? Thanks, Yan -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
