--On 21 July 2009 09:41 -0400 "Anthony R. J. Ball" <[email protected]> wrote:
> Well, of course you need the redirect at the beginning because of the login cookie. It is the repeated redirects after the fact that seem unnecessary. I'm not saying absolutely that I am right, just trying to figure out if I am, and if I'm not then why.
I think you might be missing that a typical CAS client install will only redirect to CAS once at the point the user first requires authentication.
The protocol and its various redirects and callbacks allow the CAS server to securely and authoritatively identify the user to the client application. Typically the client will store that identity in an HttpSession (or whatever local flavour of session management is available in the client) and won't bother the CAS server again.
If you don't have a mechanism to maintain sessions between the browser and the CAS client application then you will have to redirect to CAS on every request - but those extra redirects are not CAS's fault.
Dave
----------------------
David Spencer
Information Systems and Computing
University of Bristol
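The behaviour described in the reply above, as an added example that is not part of the original post or of any CAS client: a client-side gate that redirects to CAS only when it has no local session, run against a simulated browser with and without session storage. The URLs, the `SESSION` cookie name, `CasGate`, `count_redirects` and `fake_validate` (a stand-in for the client's ticket validation call to the CAS server) are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode

CAS_LOGIN = "https://cas.example.org/cas/login"   # assumed CAS server URL
SERVICE = "https://app.example.org/"              # assumed client application URL

class CasGate:
    """Hypothetical CAS client filter: decides per request whether to redirect."""
    def __init__(self, validate_ticket, use_sessions=True):
        self.validate_ticket = validate_ticket    # callable(ticket, service) -> user or None
        self.use_sessions = use_sessions
        self.sessions = {}                        # session id -> user (stand-in for HttpSession)

    def handle(self, cookies, query):
        sid = cookies.get("SESSION")
        if self.use_sessions and sid in self.sessions:
            return 200, {}, self.sessions[sid]    # identity already held locally, CAS not involved
        user = None
        if "ticket" in query:                     # browser came back from CAS with a service ticket
            user = self.validate_ticket(query["ticket"], SERVICE)
        if user is None:                          # no session, no valid ticket: go to CAS
            return 302, {"Location": CAS_LOGIN + "?" + urlencode({"service": SERVICE})}, None
        headers = {}
        if self.use_sessions:
            sid = secrets.token_urlsafe(32)       # fresh id after login, avoids session fixation
            self.sessions[sid] = user
            headers["Set-Cookie"] = f"SESSION={sid}; Secure; HttpOnly; SameSite=Lax"
        return 200, headers, user

def count_redirects(use_sessions, page_views):
    """Simulate one browser making page_views requests; return redirects to CAS."""
    issued = set()                                # constructed one-time service tickets
    def fake_validate(ticket, service):           # stand-in for the CAS validation response
        if ticket in issued and service == SERVICE:
            issued.discard(ticket)                # service tickets are single use
            return "alice"
        return None
    gate = CasGate(fake_validate, use_sessions)
    cookies, redirects = {}, 0
    for _ in range(page_views):
        status, headers, user = gate.handle(cookies, {})
        if status == 302:
            redirects += 1
            ticket = "ST-" + secrets.token_hex(8) # simulated CAS login issuing a ticket
            issued.add(ticket)
            status, headers, user = gate.handle(cookies, {"ticket": ticket})
        if "Set-Cookie" in headers:
            cookies["SESSION"] = headers["Set-Cookie"].split(";")[0].split("=", 1)[1]
    return redirects
```

With sessions enabled, five page views cost one redirect to CAS; with sessions disabled, every page view costs one.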
