Paramvir,

I assume that by session cookie you mean your client application's session 
cookie and not CAS's TGC.
The client application is responsible for managing its own session. Once the 
user has been authenticated (service ticket validated), CAS is no longer 
required.

Ray

On Tue, 2018-12-04 at 03:22 -0800, Paramvir Singh Karwal wrote:
Hi Andy,

My question is regarding the validation of the session cookie. The first time, 
the service ticket is validated by calling CAS's endpoint, but in subsequent 
calls from the browser to the application only the session cookie is sent. How does 
the application validate the session cookie? Does the application server make a record of 
the session cookie which can be checked against the incoming calls containing the 
session cookie? As depicted in the diagram, there is no call from the application 
server to CAS to validate the cookie this time.

On Saturday, October 22, 2016 at 3:17:39 AM UTC+5:30, Andrew Morgan wrote:
On Fri, 21 Oct 2016, Yan Zhou wrote:

> Hello,
>
> It was said that the TGT cookie (TGC) is hidden, so that we won't see it.
>
> I am curious how browser can send such hidden cookie to CAS, when user goes
> to apps?  If browser can see it, there should be a way for us to see it.
>
> The reason I am asking is because I noticed that Ajax XhrRequest does not
> seem to send TGC cookie in some circumstances, so I need to investigate.

The TGC is set by the CAS server using the domain of the CAS server.  For
example, my CAS server is at https://login.oregonstate.edu/cas/ and the
TGC has a domain of "login.oregonstate.edu" and a path of "/cas".  The
browser will only send the cookie to the CAS, not the CAS client.

The TGC persists the SSO session.  It is not used by client applications.
They receive a Service Ticket (ST) appended to the URL and validate the ST
by calling CAS's /serviceValidate endpoint.

A more complete description of this can be found at:

   https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html

Thanks,
         Andy

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca
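The flow Ray and Andy describe, as an added example that is not code from the thread or from the CAS project: the application validates the ST once through /serviceValidate, then keeps its own server-side session record and answers later requests from that record without contacting CAS. The CAS base URL, the service URL, the ticket values and the two XML responses are constructed here, and `fake_cas_fetch` stands in for the HTTPS GET a real client would make.

```python
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of the CAS 2.0 XML response

# Constructed samples of what /serviceValidate returns for a valid and an invalid ticket.
VALID_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
INVALID_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def fake_cas_fetch(url):
    """Hypothetical stand-in for an HTTPS GET to the CAS server (no network here)."""
    return VALID_RESPONSE if "ticket=ST-good" in url else INVALID_RESPONSE


def validate_service_ticket(cas_base, service, ticket, fetch=fake_cas_fetch):
    """Validate an ST via CAS's /serviceValidate; return the username, or None on failure."""
    url = cas_base + "/serviceValidate?" + urlencode({"service": service, "ticket": ticket})
    root = ET.fromstring(fetch(url))
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text if user is not None else None


class SessionStore:
    """Server-side session records owned by the client application, not by CAS."""
    def __init__(self):
        self._sessions = {}

    def create(self, username):
        sid = secrets.token_urlsafe(32)  # opaque, unguessable cookie value
        self._sessions[sid] = username
        return sid

    def lookup(self, sid):
        return self._sessions.get(sid)


def handle_request(store, cas_base, service, cookie=None, ticket=None, fetch=fake_cas_fetch):
    """One application request. Returns (username, session_id, cas_called).
    A recognised session cookie is answered locally; only a fresh ST reaches CAS."""
    if cookie is not None and store.lookup(cookie) is not None:
        return store.lookup(cookie), cookie, False
    if ticket is None:
        return None, None, False  # unauthenticated: the app would redirect to CAS /login
    user = validate_service_ticket(cas_base, service, ticket, fetch)
    if user is None:
        return None, None, True   # CAS rejected the ST: no session is created
    return user, store.create(user), True  # set the new session cookie in the response
```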
