Our recommendation has always been to send them to a page that essentially says "You've logged out of this application. You have, however, initiated a single sign on session. Click here to log out of that." Clearly you wouldn't use that text, but the idea is to let them know they've only logged out "locally" and this other thing exists.
Cheers, Scott On Thu, Dec 9, 2010 at 12:52 AM, ewhauser <[email protected]> wrote: > > This is not an issue with CAS itself, but more of a UX problem. When our > users logout of the application, we issue a redirect back to the main page > which in turns redirect them to the CAS login page. If the user leaves > their screen for a period of time longer than the Tomcat session timeout, > when they come back in and enter their user/pass they just get a redirect > back to the login page without an error message. It is pretty simple to > replicate if I just go to the login page and clear my cookies: > > 2010-12-09 09:24:25,628 [] [] [http-8080-11] DEBUG > org.springframework.web.servlet.DispatcherServlet.doService():693 - > DispatcherServlet with name 'hub-cas' processing POST request for > [/cas/login] > 2010-12-09 09:24:25,630 [] [] [http-8080-11] DEBUG > > org.springframework.webflow.mvc.servlet.FlowHandlerMapping.getHandlerInternal():108 > - Mapping request with URI '/cas/login' to flow with id 'login' > 2010-12-09 09:24:25,631 [] [] [http-8080-11] DEBUG > org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution():161 > - Resuming flow execution with key 'e1s3 > 2010-12-09 09:24:25,633 [] [] [http-8080-11] DEBUG > > org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.defaultHandleException():297 > - Restarting a new execution of previously ended flow 'login' > 2010-12-09 09:24:25,634 [] [] [http-8080-11] DEBUG > org.springframework.web.servlet.DispatcherServlet.doDispatch():824 - Null > ModelAndView returned to DispatcherServlet with name 'cas': assuming > HandlerAdapter completed request h > andling > 2010-12-09 09:24:25,635 [] [] [http-8080-11] DEBUG > org.springframework.web.servlet.DispatcherServlet.processRequest():674 - > Successfully completed request > 2010-12-09 09:24:26,049 [] [] [http-8080-11] DEBUG > org.springframework.web.servlet.DispatcherServlet.doService():693 - > DispatcherServlet with name 'hub-cas' processing GET request for > [/cas/login] > > As you can see, the flow has been considered "ended" since I cleared my > session by clearing my cookies. > > One thing I've done in the past is use a Filter to detect expired sessions > and give the user a nice warning. However, for the user this is not > intuitive because they are on the login page -- it seems odd for them to > punch in a username and password and get an error about an expired session. > Ideally, it would be nice if the flow was created automatically when the > user POSTs on the login page. > > It's been a few users since I did anything with Webflow, so I would > appreciate it if anyone else has dealt with this or has thoughts. Thanks. > -- > View this message in context: > http://jasig.275507.n4.nabble.com/User-experience-for-expired-flows-tp3079618p3079618.html > Sent from the CAS Users mailing list archive at Nabble.com. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
