On 2010-12-10, at 6:36 PM, Scott Battaglia wrote:

> Our recommendation has always been to send them to a page that essentially 
> says "You've logged out of this application.  You have, however, initiated a 
> single sign on session.  Click here to log out of that."  Clearly you 
> wouldn't use that text, but the idea is to let them know they've only logged 
> out "locally" and this other thing exists.

A number of years ago, we added an extra CAS call to our local CAS called 
"appLogout", which we hoped people would use instead of calling the CAS logout 
page directly. This allowed CAS to put up a standard page, and if there is a 
valid TGT available, it puts up a Logout button which links to Logout with 
instructions that this will terminate your SSO session.

Unfortunately, because this isn't (yet?) a part of standard CAS, it hasn't been 
used consistently, so some apps use appLogout, some use Logout and some use the 
option Scott mentioned above. If it sounds like a useful addition, this could 
be added to the distributed CAS. If not, I think we will abandon this as a 
local mod as it is too hard to get consistency between apps when using 
something that isn't generally available in CAS.

> Cheers,
> Scott
> 
> 
> On Thu, Dec 9, 2010 at 12:52 AM, ewhauser <[email protected]> wrote:
> 
> This is not an issue with CAS itself, but more of a UX problem.  When our
> users log out of the application, we issue a redirect back to the main page
> which in turn redirects them to the CAS login page.  If the user leaves
> their screen for a period of time longer than the Tomcat session timeout,
> when they come back in and enter their user/pass they just get a redirect
> back to the login page without an error message.  It is pretty simple to
> replicate if I just go to the login page and clear my cookies:
> 
> 2010-12-09 09:24:25,628 [] [] [http-8080-11] DEBUG
> org.springframework.web.servlet.DispatcherServlet.doService():693 -
> DispatcherServlet with name 'hub-cas' processing POST request for
> [/cas/login]
> 2010-12-09 09:24:25,630 [] [] [http-8080-11] DEBUG
> org.springframework.webflow.mvc.servlet.FlowHandlerMapping.getHandlerInternal():108
> - Mapping request with URI '/cas/login' to flow with id 'login'
> 2010-12-09 09:24:25,631 [] [] [http-8080-11] DEBUG
> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution():161
> - Resuming flow execution with key 'e1s3
> 2010-12-09 09:24:25,633 [] [] [http-8080-11] DEBUG
> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.defaultHandleException():297
> - Restarting a new execution of previously ended flow 'login'
> 2010-12-09 09:24:25,634 [] [] [http-8080-11] DEBUG
> org.springframework.web.servlet.DispatcherServlet.doDispatch():824 - Null
> ModelAndView returned to DispatcherServlet with name 'cas': assuming
> HandlerAdapter completed request handling
> 2010-12-09 09:24:25,635 [] [] [http-8080-11] DEBUG
> org.springframework.web.servlet.DispatcherServlet.processRequest():674 -
> Successfully completed request
> 2010-12-09 09:24:26,049 [] [] [http-8080-11] DEBUG
> org.springframework.web.servlet.DispatcherServlet.doService():693 -
> DispatcherServlet with name 'hub-cas' processing GET request for
> [/cas/login]
> 
> As you can see, the flow has been considered "ended" since I cleared my
> session by clearing my cookies.
> 
> One thing I've done in the past is use a Filter to detect expired sessions
> and give the user a nice warning.  However, for the user this is not
> intuitive because they are on the login page -- it seems odd for them to
> punch in a username and password and get an error about an expired session.
> Ideally, it would be nice if the flow was created automatically when the
> user POSTs on the login page.
> 
> It's been a few users since I did anything with Webflow, so I would
> appreciate it if anyone else has dealt with this or has thoughts.  Thanks.
> --
> View this message in context: 
> http://jasig.275507.n4.nabble.com/User-experience-for-expired-flows-tp3079618p3079618.html
> Sent from the CAS Users mailing list archive at Nabble.com.
> 
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 

--
Ray Davison
Senior Systems Consultant
Institutional, Collaborative, and Academic Technologies (ICAT)
University Computing Services
Simon Fraser University
778-782-4448
[email protected]
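
To see how often users hit the silent restart shown in the quoted DEBUG output (a POST to /cas/login, a resume attempt, then "Restarting a new execution of previously ended flow"), the sequence can be counted per worker thread from the log. This is an added example, not code from the thread or from CAS; the sample log is constructed from the quoted lines with each wrapped record joined onto one line, and the function name is hypothetical.

```python
import re

# Constructed sample: the http-8080-11 records mirror the DEBUG lines quoted in
# the thread (wrapped records joined onto one line, truncated key kept as-is);
# the http-8080-12 records are a made-up POST that resumes normally.
SAMPLE_LOG = """\
2010-12-09 09:24:25,628 [] [] [http-8080-11] DEBUG org.springframework.web.servlet.DispatcherServlet.doService():693 - DispatcherServlet with name 'hub-cas' processing POST request for [/cas/login]
2010-12-09 09:24:25,631 [] [] [http-8080-11] DEBUG org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution():161 - Resuming flow execution with key 'e1s3
2010-12-09 09:24:25,632 [] [] [http-8080-12] DEBUG org.springframework.web.servlet.DispatcherServlet.doService():693 - DispatcherServlet with name 'hub-cas' processing POST request for [/cas/login]
2010-12-09 09:24:25,633 [] [] [http-8080-11] DEBUG org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.defaultHandleException():297 - Restarting a new execution of previously ended flow 'login'
2010-12-09 09:24:25,634 [] [] [http-8080-12] DEBUG org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution():161 - Resuming flow execution with key 'e2s1'
2010-12-09 09:24:25,635 [] [] [http-8080-11] DEBUG org.springframework.web.servlet.DispatcherServlet.processRequest():674 - Successfully completed request
2010-12-09 09:24:25,640 [] [] [http-8080-12] DEBUG org.springframework.web.servlet.DispatcherServlet.processRequest():674 - Successfully completed request
"""

RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) .*?"
    r"\[(?P<thread>http-[^\]]+)\] DEBUG (?P<msg>.*)$")
KEY = re.compile(r"Resuming flow execution with key '([^']*)")
RESTART = "Restarting a new execution of previously ended flow"

def find_silent_restarts(log_text, login_path="/cas/login"):
    """Return one dict per login POST whose flow execution could not be resumed."""
    post_marker = "processing POST request for [%s]" % login_path
    in_flight = {}  # worker thread -> details of the POST it is handling
    hits = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        thread, msg = m.group("thread"), m.group("msg")
        if post_marker in msg:
            in_flight[thread] = {"thread": thread, "post_at": m.group("ts"), "key": None}
        elif thread in in_flight:
            key = KEY.search(msg)
            if key:
                in_flight[thread]["key"] = key.group(1)
            elif RESTART in msg:
                hits.append(in_flight.pop(thread))  # submitted form was discarded
            elif "Successfully completed request" in msg:
                in_flight.pop(thread)  # request finished without a restart
    return hits

if __name__ == "__main__":
    for hit in find_silent_restarts(SAMPLE_LOG):
        print(hit)
```

Records are tracked per worker thread because concurrent requests interleave in the log, as the two sample requests do.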




