We are running CAS 3.6 with tomcat 8 and in some instances when 2 users are 
logging in user A is logged in as User B on the client application. So the 
session information for the first user ends up being used.

We noticed that in the tomcat access logs both users shared the same 
Jsessionid. It appears that a unique Jsessionid was not generated for the 
second user when they arrived on the login page.

Has anyone encountered a similar issue? If so any suggestions.


Juan Quintanilla

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 

Reply via email to