Based on my experience with CAS 3.3.5: This happens whenever CAS server is not able find a SESSION for the request. So either, the credentials are submitted after Session timed out on CAS or some issue with stickiness of the session at load balancer which redirects request to another server than the one which served the GET request.
On Thu, Aug 26, 2010 at 2:46 PM, Cary, Kim <[email protected]> wrote: > Dear cas users! > > Our CAS server gets about 10000 requests a day for this URL and loads a > page: > x.x.x.15 - - [26/Aug/2010:11:57:10 -0700] "POST > /cas/login?method=POST&service= > https://wavenet.pepperdine.edu/psp/paprd89/?cmd=start&renew=true HTTP/1.1" > *200* 5111 > > However about 100 times a day, that request gets redirected: > x.x.x.25 - - [18/Aug/2010:04:58:49 -0700] "POST > /cas/login?method=POST&service= > https://wavenet.pepperdine.edu/psp/paprd89/?cmd=start&renew=true HTTP/1.1" > *302* - > > I thought this might be if the user's credentials were bad, but on testing, > that gets 200 as well, just a page load. I've tried a few variations on > this, logging out of the service and logging in successfully, unsuccessfully > & can't seem to do anything that gives a 302 . > > We were following up a user report where he access this url and got > redirected, not to the app, but to the cas login success page (he sent a > screenshot). Whut? Checking the logs, his POST Url, service, etc all are > fine. > > What might have caused this redirect to login success? > What is the legit reason a person might post like this and get 302 > (redirect)? > > Hope its not really something obvious. > > Thanks, > Kim > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
