You could always enable the feature that says redirect after successful ticket validation: "redirectAfterValidation" which removes the ticket
http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml On Sun, Feb 15, 2009 at 11:07 AM, sol myr <[email protected]> wrote: > Hi, > > When using CAS, I've noticed that the browser-user can't press "Refresh" on > the 1st page he visits (the one which triggers the CAS login). The reason > appears to be the CAS ticket, which is concatenated to the URL, and > naturally becomes invalid after a "refresh". > > Example: > > 1. The user of the browser tries to visit "http://host/app/index.jsp > > 2. User is redirected to CAS, enters valid username+password, > then gets redirected to " > http://host/app/index.jsp?ticket=ST-1-gYJgZEaX0qLTKUHihlbA-cas > And can properly view this requested page. > > 3. However, if user now presses "Refresh", he gets an exception: > org.jasig.cas.client.validation.TicketValidationException: ticket > 'ST-1-gYJgZEaX0qLTKUHihlbA-cas' not recognized > > Is there a way to work around this behavior, so that user *can* press > refresh on the 1st page? > For example, could we tell CAS that if the HTTP session shows that user is > already logged in, then it's okay to ignore invlid tickets that are > concatenated to URLs? > > Thanks. > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
