This also explained another difference I have seen. In 3.5.x CAS, if you stay on the login page for a while without typing anything. Then, you type in user credential, the first time you essentially get "session timed out". You would have to type user credential for the second time to login.
In 4.1.x CAS, nothing like that, you can wait for a long time, and type in user credentials, it just works, because flow is resumed and variables are restored. Yan On Thursday, July 28, 2016 at 11:03:19 AM UTC-4, Yan Zhou wrote: > > Hi there, > > Is this a correct statement? I have observed difference. > > CAS 4.1.x using web flow encryption to capture flow states and stores them > on the client side. Therefore, even after http session expires, the flow > can resume and continue. This means, I can walk away for hours, and as > long as my browser is up running, I can always come back and click > "Continue" to keep going. > > CAS 3.5.x does not do that, the flow execution key is plain text and > stored in HTTP session, flow ends as session idle timeout. This means, if > I walk away for hours, coming back and click "Continue", flow ends and > redirect me to the starting point of the flow. > > Thx., > > Yan > > > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e975ea91-3759-45d0-9b21-5d9b1947e1f2%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.