Hello I'm seeing what I think is odd. I've taken a fresh copy of 3.3.5 and uploaded the included cas-webapp.war to tomcat and see the following.
I login using the default simpletestUsernamePasswordAuthenticationHandler and get a CASTGC set. I hit the logout url and I see that 2010-05-11 14:40:11,640 DEBUG [org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'cas' determining Last-Modified value for [/cas-server-webapp-3.3.5/logout] 2010-05-11 14:40:11,642 DEBUG [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - Mapping [/logout] to handler 'org.jasig.cas.web.logoutcontrol...@f29df8a' 2010-05-11 14:40:11,642 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Last-Modified value for [/cas-server-webapp-3.3.5/logout] is: -1 2010-05-11 14:40:11,642 DEBUG [org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'cas' processing request for [/cas-server-webapp-3.3.5/logout] 2010-05-11 14:40:11,643 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Removing ticket [TGT-3-s6uu19ROkI1tvG7lzAiuLYdlCBidadXfrDWEKz1Z2QH6s9VSa5-casdev1] from registry. 2010-05-11 14:40:11,643 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [TGT-3-s6uu19ROkI1tvG7lzAiuLYdlCBidadXfrDWEKz1Z2QH6s9VSa5-casdev1] 2010-05-11 14:40:11,643 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [TGT-3-s6uu19ROkI1tvG7lzAiuLYdlCBidadXfrDWEKz1Z2QH6s9VSa5-casdev1] found in registry. 2010-05-11 14:40:11,643 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Ticket found. Expiring and then deleting. 2010-05-11 14:40:11,643 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket [TGT-3-s6uu19ROkI1tvG7lzAiuLYdlCBidadXfrDWEKz1Z2QH6s9VSa5-casdev1] from registry 2010-05-11 14:40:11,643 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASTGC] 2010-05-11 14:40:11,643 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASPRIVACY] 2010-05-11 14:40:11,643 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Rendering view [org.springframework.web.servlet.view.JstlView: name 'casLogoutView'; URL [/WEB-INF/view/jsp/default/ui/casLogoutView.jsp]] in DispatcherServlet with name 'cas' 2010-05-11 14:40:11,644 DEBUG [org.springframework.web.servlet.view.JstlView] - Forwarding to resource [/WEB-INF/view/jsp/default/ui/casLogoutView.jsp] in InternalResourceView 'casLogoutView' 2010-05-11 14:40:11,644 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Successfully completed request all looks fine. I hit the login page and am shown the login page. I add the expired cookie above using firefox webdeveloper toolbar and hit the login page again and I am shown the "Log In Successful" page. I then logout again and am shown 2010-05-11 14:41:13,337 DEBUG [org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'cas' determining Last-Modified value for [/cas-server-webapp-3.3.5/logout] 2010-05-11 14:41:13,337 DEBUG [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - Mapping [/logout] to handler 'org.jasig.cas.web.logoutcontrol...@f29df8a' 2010-05-11 14:41:13,338 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Last-Modified value for [/cas-server-webapp-3.3.5/logout] is: -1 2010-05-11 14:41:13,338 DEBUG [org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'cas' processing request for [/cas-server-webapp-3.3.5/logout] 2010-05-11 14:41:13,338 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Removing ticket [TGT-3-s6uu19ROkI1tvG7lzAiuLYdlCBidadXfrDWEKz1Z2QH6s9VSa5-casdev1] from registry. 2010-05-11 14:41:13,338 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [TGT-3-s6uu19ROkI1tvG7lzAiuLYdlCBidadXfrDWEKz1Z2QH6s9VSa5-casdev1] 2010-05-11 14:41:13,338 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASTGC] 2010-05-11 14:41:13,338 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASPRIVACY] 2010-05-11 14:41:13,339 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Rendering view [org.springframework.web.servlet.view.JstlView: name 'casLogoutView'; URL [/WEB-INF/view/jsp/default/ui/casLogoutView.jsp]] in DispatcherServlet with name 'cas' 2010-05-11 14:41:13,339 DEBUG [org.springframework.web.servlet.view.JstlView] - Forwarding to resource [/WEB-INF/view/jsp/default/ui/casLogoutView.jsp] in InternalResourceView 'casLogoutView' 2010-05-11 14:41:13,339 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Successfully completed request The ticket was not found in the registry this time but CASTGC still deleted. Infact I can make up any cookie value for CASTGC and I get the "Log In Successful" page. Is this expected behaviour? I would maybe think that if you have CASTGC cookie in your request that seems to be examined for a "Log In Successful" page to be returned, should that CASTGC cookie not be checked against the registry? This also happens if I use an LDAP fast bind auth handler... -- View this message in context: http://jasig.275507.n4.nabble.com/odd-behaviour-of-login-webflow-tp2173842p2173842.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
