I meant to include the snippet of my code performing the gateway:

    //initialize the CAS library
    require_once('CAS.php');

    $CASAUTH = array(
        "version"       => "2.0",
        "proxy"         => FALSE,
        "server"        => "abc.com",
        "port"          => 8444,
        "uri"           => "/cas",
        "start_session" => TRUE
    );

    phpCAS::client($CASAUTH["version"], $CASAUTH["server"],
        $CASAUTH["port"], $CASAUTH["uri"], $CASAUTH["start_session"]);

    // no SSL validation for the CAS server
    phpCAS::setNoCasServerValidation();
    phpCAS::setCacheTimesForAuthRecheck(0);

    $auth = phpCAS::checkAuthentication();
    echo "authenticated: ".$auth;
    echo "phpCAS user: ".$_SESSION['phpCAS']['user'];

I'm always getting user A in my echo statement.

Thanks again,
Matt

On 11/13/10 5:47 PM, "Matthew Selwood" <[email protected]> wrote:

Hello all,

I'm having an issue using the gateway feature with phpCAS.

Here's my scenario:


 1.  User A logs in to CAS and then goes to website abc.com which is 
gateway'ing using phpCAS.  PhpCAS stores the user as 'A' in 
$_SESSION['phpCAS']['user'].
 2.  User A now logs out of CAS.  Note: no logout request is sent to abc.com 
because it was using the gateway feature.
 3.  On the same computer, user B logs in to CAS and then goes to website 
abc.com.
 4.  Website abc.com doesn't gateway back to CAS, because it still has the 
$_SESSION['phpCAS']['user'] set to 'A'.

PhpCAS on website abc.com thinks user B is user A.

How do you clear the session between each phpCAS gateway?  Is the only way to 
get around such an issue to gateway against the CAS server each visit to 
website abc.com?

Thanks,
Matt

-------------------------------
Matthew Selwood
Web and Identity Services Developer - Web Services
University of Victoria
250.472.5565 | [email protected] <mailto:[email protected]> | CLE C006
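
The stale-identity scenario in the message above, as an added example that is not part of the original post and is not phpCAS code: a stand-alone PHP model of the local session record, showing why user B is seen as A and how bounding the record's age forces a fresh gateway check. The names gatewayDecision, recordGatewayResult, cas_checked_at and the 300-second limit are assumptions made for this illustration.

```php
<?php
// Added illustration, not phpCAS code. $session stands in for $_SESSION;
// 'cas_checked_at' and MAX_AGE are hypothetical names for this sketch.
const MAX_AGE = 300; // seconds a local CAS identity is trusted (assumed value)

/**
 * Decide what abc.com should do on a request.
 * Returns ['action' => 'trust'|'gateway', 'user' => ?string].
 * $maxAge === null models the behaviour described in the post: a stored
 * user is trusted for as long as the local session lives.
 */
function gatewayDecision(array &$session, int $now, ?int $maxAge): array
{
    $user = $session['phpCAS']['user'] ?? null;
    $checkedAt = $session['cas_checked_at'] ?? 0;
    if ($user !== null && ($maxAge === null || $now - $checkedAt <= $maxAge)) {
        return ['action' => 'trust', 'user' => $user];
    }
    // Missing or too old: drop the local identity and ask CAS again.
    unset($session['phpCAS'], $session['cas_checked_at']);
    return ['action' => 'gateway', 'user' => null];
}

/** Record the identity CAS returned after a successful gateway round trip. */
function recordGatewayResult(array &$session, string $user, int $now): void
{
    $session['phpCAS']['user'] = $user;
    $session['cas_checked_at'] = $now;
}

// Constructed timeline matching the four steps in the post.
$t0 = 1000;
foreach ([null, MAX_AGE] as $maxAge) {
    $session = [];
    recordGatewayResult($session, 'A', $t0);        // step 1: A gateways in
    // step 2: A logs out of CAS; abc.com's session is untouched.
    $now = $t0 + 600;                               // step 3: B arrives later
    $d = gatewayDecision($session, $now, $maxAge);  // step 4
    if ($d['action'] === 'gateway') {
        recordGatewayResult($session, 'B', $now);   // CAS now reports B
    }
    printf("maxAge=%s -> %s, user seen: %s\n",
        $maxAge ?? 'none', $d['action'], $session['phpCAS']['user']);
}
```

The age limit only narrows the window in which a stale identity is trusted; the shorter it is, the closer the site comes to gatewaying against CAS on every visit, which is the trade-off the post asks about.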
