OK, thx for explanation. I cannot see any TGC cookie in my browser. Why is that? If it is not there, how does Browser send to CAS server?
Yan On Fri, Oct 21, 2016 at 5:47 PM, Andrew Morgan <[email protected]> wrote: > On Fri, 21 Oct 2016, Yan Zhou wrote: > > Hello, >> >> It was said that the TGT cookie (TGC) is hidden, so that we won't see it. >> >> I am curious how browser can send such hidden cookie to CAS, when user >> goes >> to apps? If browser can see it, there should be a way for us to see it. >> >> The reason I am asking is because I noticed that Ajax XhrRequest does not >> seem to send TGC cookie in some circumstances, so I need to investigate. >> > > The TGC is set by the CAS server using the domain of the CAS server. For > example, my CAS server is at https://login.oregonstate.edu/cas/ and the > TGC has a domain of "login.oregonstate.edu" and a path of "/cas". The > browser will only send the cookie to the CAS, not the CAS client. > > The TGC persists the SSO session. It is not used by client applications. > They receive a Service Ticket (ST) appended to the URL and validate the ST > by calling CAS's /serviceValidate endpoint. > > A more complete description of this can be found at: > > https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html > > Thanks, > Andy > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFSoZendeDth%3D1WW%3DS3c%2BR_6Gdw99pX%2Bn32gmpRAuBJz0Xfupg%40mail.gmail.com.
