The CAS SSO Session Timeout is a fixed window during which the SSO Cookie (i.e. Ticket Granting Ticket) is valid. During this time, if the browser remains open (i.e. the cookie is still retrievable), CAS will issue new service tickets for that user without asking for credentials.
http://www.ja-sig.org/wiki/display/CASUM/HOWTO+Configure+Single+Sign+On+Session+Timeout How your application session behaves is up to you. Once the application validates a service ticket, CAS is effectively out of the picture. The application could have a fixed session timeout or an idle session time out. Bill On Tue, Dec 22, 2009 at 2:07 PM, ttan <[email protected]> wrote: > Hi, > > What is the actual behavior around session time out? > > I have CAS webapp, and my webapp. The SSO time out is set to 2 min. My web > application’s session time out is set to 1 min. > > I have observed this: > > If there is activity within my web application, I can continue to use the > web application beyond the SSO timeout setting. Without activity, I get re > directed to the login screen right after the SSO timeout. > > If I use my web app beyond SSO timeout, then switch to CAS web app, and then > back to my webapp, I will be prompted to relogin. > > During this time, there is “activity” across multiple webapps so I (and > other users here) expects the SSO session timeout not to happen. > > What is the actual behavior, and is there any customization to achieve the > behavior I expect? > > Thanks! > > Theen-Theen > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
