Yes, I understand that Firefox shares cookies between tabs (and instances) 
while IE only shares cookies between tabs.

The behavior I described below is quite disconcerting to our testers. So is 
this test:


1. Log in to CAS as user1 and go to Application

2. Open new tab

3. Log in to CAS as user2

4. Go to application in new tab - you are still user one!

This is true for both IE and Firefox.  This behavior will be a show stopper for 
us. It is imperative we maintain the behavior our users expect. If I do the 
same test logging into our Peoplesoft portal the application will always see 
the user as the second login.  This is the behavior I also would expect. (i.e. 
last login wins)

Is something mis-configured on our CAS server?

I thought I could change this behavior by setting "useSession = false" in the 
Cas20ProxyReceivingTicketValidationFilter but that completely broke the 
application. Firefox detected an endless redirect loop and stopped. In IE I 
could see the endless loop in my log files.

Thanks for any help on this.

Here is my web.xml:



    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://xxx.utah.edu/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>service</param-name>
            <param-value>https://guide/uofu/stu/GraduateTracking</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>https://guide</param-value>
        </init-param>
        <init-param>
            <param-name>artifactParameterName</param-name>
            <param-value>ticket</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://xxx.utah.edu/cas</param-value>
        </init-param>
        <init-param>
            <param-name>service</param-name>
            <param-value>https://guide/uofu/stu/GraduateTracking</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>https://guide</param-value>
        </init-param>
        <!--<init-param>
            <param-name>useSession</param-name>
            <param-value>false</param-value>
        </init-param>-->
    </filter>

    <filter>
        <filter-name>CAS Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

Bryan Wooten

UIT Systems Administrator
University of Utah

[email protected]

Work: 801.585.9323
Cell: 801.414.3593

From: Scott Battaglia [mailto:[email protected]]
Sent: Thursday, June 24, 2010 8:13 PM
To: [email protected]
Subject: Re: [cas-user] Question about CAS login/logout

Browsers share state between tabs.  If you've logged into one and then attempt 
to log into a second, it's most likely that it read the cookie and used that 
session.

On Thu, Jun 24, 2010 at 3:11 PM, Bryan Wooten <[email protected]> wrote:
Hi all,

I am seeing some behavior I can't quite explain or understand.

Using Firefox I log in to a CASified application (hitting the app directly and 
then redirected to CAS login page). I then open a second tab and log in as a 
different user using the CAS login page. On the second tab I then hit the 
CASified application. On the second tab I still have the identity of the first 
login. Why don't I get the identity of the second login?

Does this make sense?

Bryan Wooten

UIT Systems Administrator
University of Utah

[email protected]

Work: 801.585.9323
Cell: 801.414.3593
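
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not the Jasig CAS client's code: a simplified Python model of one shared browser cookie jar, a CAS server, and the application's filter chain. The cookie names `CASTGC` and `JSESSIONID`, all class and function names, and the redirect back to the application without the ticket after validation are assumptions of the model.

```python
import itertools

class Browser:
    """All tabs of one browser share a single cookie jar."""
    def __init__(self):
        self.cookies = {}

class CasServer:
    def __init__(self):
        self.sso, self.tickets = {}, {}   # TGC -> user, one-time ticket -> user
        self._n = itertools.count(1)
    def login(self, browser, user):
        tgc = f"TGC-{next(self._n)}"
        self.sso[tgc] = user
        browser.cookies["CASTGC"] = tgc   # replaces any earlier SSO cookie
    def issue_ticket(self, browser):
        st = f"ST-{next(self._n)}"
        self.tickets[st] = self.sso[browser.cookies["CASTGC"]]
        return st
    def validate(self, st):
        return self.tickets.pop(st, None)

class App:
    """Model of the filter chain in front of the application."""
    def __init__(self, cas, use_session=True):
        self.cas, self.use_session = cas, use_session
        self.sessions = {}                # JSESSIONID -> validated user
        self._n = itertools.count(1)
    def get(self, browser, max_redirects=10):
        ticket = None
        for _ in range(max_redirects):
            if ticket:                    # validation filter
                user = self.cas.validate(ticket)
                if self.use_session:
                    sid = f"S-{next(self._n)}"
                    self.sessions[sid] = user
                    browser.cookies["JSESSIONID"] = sid
                ticket = None             # assumed: redirect back without ticket
                continue
            sid = browser.cookies.get("JSESSIONID")
            if sid in self.sessions:      # authentication filter: session wins
                return self.sessions[sid]
            ticket = self.cas.issue_ticket(browser)  # round trip via CAS login
        return "REDIRECT_LOOP"

def tab_test(use_session=True):
    cas, browser = CasServer(), Browser()
    app = App(cas, use_session)
    cas.login(browser, "user1")
    tab1 = app.get(browser)
    cas.login(browser, "user2")           # second tab, same cookie jar
    return tab1, app.get(browser)
```

In this model the second tab stays user1 because the application session cookie is checked before CAS is consulted again, and with `use_session=False` no request ever carries both a validated identity and no ticket, so the redirects never settle.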


--

You are currently subscribed to [email protected] as: [email protected]

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
