Thierry, CAS is setup such that if you request the login page without a service URL yet have a CASTGC cookie, it will pass you through to the generic success page without checking the validity of your cookie. Only when you attempt to request a ST will CAS validate your cookie and make you login if invalid.
The only way I have been able to address this is by setting up a custom Spring Web Flow action that assumes a default service URL if one is not specified. This forces CAS to validate the ticket. I am sorry that is all I can offer, A- On 7/12/09 5:31 PM, "Phil Ames" <[email protected]> wrote: > Hi Thierry, > Do you have any debug level logging information when this issue > occurs? Be sure to set "CASDebug On" in the mod_auth_cas > configuration as well as "LogLevel Debug" in the VirtualHost container > to capture the debug information. This will help us troubleshoot the > problem. > > Thanks, > -Phil > > On Sun, Jul 12, 2009 at 4:58 PM, Thierry > Delaitre<[email protected]> wrote: >> Hello, >> >> I¹m using CAS 3.3.3 on debian and 2 apache 2.2 servers with mod_auth_cas >> 1.0.8-3 on debian. >> >> I got a redirected loop¹ when signing after the session had expired. I >> sometimes do not experience this. Deleting the expired cookie fixed this. >> >> Is this a bug ? >> >> Thanks >> >> Thierry. >> >> The University of Westminster is a charity and a company >> limited by guarantee. Registration number: 977818 England. >> Registered Office: 309 Regent Street, London W1B 2UW. >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user -- Andrew Feller, Analyst LSU University Information Services 200 Frey Computing Services Center Baton Rouge, LA 70803 Office: 225.578.3737 Fax: 225.578.6400 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
