Thanks Ray,

That clears my confusion.

On Tue, 4 Dec 2018 at 10:38 PM, Ray Bon <[email protected]> wrote:
> Paramvir,
>
> I assume that by session cookie you mean your client application's session cookie and not CAS's TGC.
> The client application is responsible for managing its own session. Once the user has been authenticated (service ticket validated), CAS is no longer required.
>
> Ray
>
> On Tue, 2018-12-04 at 03:22 -0800, Paramvir Singh Karwal wrote:
>
> Hi Andy,
>
> My question is regarding the validation of the session cookie. The first time, the service ticket is validated by calling CAS's endpoint, but in subsequent calls from the browser to the application only the session cookie is sent. How does the application validate the session cookie? Does the application server make a record of the session cookie which can be checked against incoming calls containing the session cookie? As depicted in the diagram, there is no call to CAS from the application server to validate the cookie this time.
>
> On Saturday, October 22, 2016 at 3:17:39 AM UTC+5:30, Andrew Morgan wrote:
>
> On Fri, 21 Oct 2016, Yan Zhou wrote:
>
> > Hello,
> >
> > It was said that the TGT cookie (TGC) is hidden, so that we won't see it.
> >
> > I am curious how the browser can send such a hidden cookie to CAS when the user goes to apps. If the browser can see it, there should be a way for us to see it.
> >
> > The reason I am asking is because I noticed that Ajax XhrRequest does not seem to send the TGC cookie in some circumstances, so I need to investigate.
>
> The TGC is set by the CAS server using the domain of the CAS server. For example, my CAS server is at https://login.oregonstate.edu/cas/ and the TGC has a domain of "login.oregonstate.edu" and a path of "/cas". The browser will only send the cookie to the CAS, not the CAS client.
>
> The TGC persists the SSO session. It is not used by client applications. They receive a Service Ticket (ST) appended to the URL and validate the ST by calling CAS's /serviceValidate endpoint.
>
> A more complete description of this can be found at:
>
> https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html
>
> Thanks,
> Andy
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1543943315.2944.37.camel%40uvic.ca <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1543943315.2944.37.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
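The flow discussed in this thread, as an added sketch that is not code from any poster or from the CAS project: the client application validates the service ticket once, then keeps its own server-side session record and checks later cookies against it without contacting CAS. The class `CasClientApp`, the `fake_cas` stand-in, the ticket value, the username and the sample XML bodies are all constructed for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed samples of CAS 2.0 /serviceValidate response bodies.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>psingh</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def parse_service_validate(xml_body):
    """Return the username from a /serviceValidate body, or None on failure."""
    # A real client should use a hardened XML parser or a maintained CAS client library.
    root = ET.fromstring(xml_body)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None

def fake_cas(ticket):
    # Constructed stand-in for the HTTPS call to CAS; accepts one ticket value.
    return SAMPLE_SUCCESS if ticket == "ST-1-constructed" else SAMPLE_FAILURE

class CasClientApp:
    def __init__(self, validate_ticket):
        self.validate_ticket = validate_ticket  # callable: ticket -> XML body
        self.sessions = {}   # session id -> username (the app's own record)
        self.cas_calls = 0   # how often CAS was contacted

    def handle(self, ticket=None, session_cookie=None):
        """Return (status, username, new_session_cookie_or_None)."""
        # Later requests: the cookie is looked up locally, CAS is not called.
        if session_cookie in self.sessions:
            return 200, self.sessions[session_cookie], None
        # First request after the login redirect: validate the ST once.
        if ticket:
            self.cas_calls += 1
            user = parse_service_validate(self.validate_ticket(ticket))
            if user:
                sid = secrets.token_urlsafe(32)  # unguessable session id
                self.sessions[sid] = user
                return 200, user, sid
        # Unknown cookie or rejected ticket: send the browser back to CAS login.
        return 302, None, None
```

In a deployment the returned session id would be sent as the application's own cookie (scoped to the application's domain, with `Secure` and `HttpOnly`), separate from the TGC that the browser sends only to the CAS server.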
