> * If in the browser, CASTGC cookie exists, then on receiving the
> authentication request on CAS server, this TGT should be expired and a SSOut
> signal should be sent to all the services registered against the TGT before
> granting a new TGT.
The SendTicketGrantingTicketAction Web flow action has code to do
exactly that (cited from 3.4.7 source):

    protected Event doExecute(final RequestContext context) {
        final String ticketGrantingTicketId =
            WebUtils.getTicketGrantingTicketId(context);
        final String ticketGrantingTicketValueFromCookie = (String)
            context.getFlowScope().get("ticketGrantingTicketId");

        if (ticketGrantingTicketId == null) {
            return success();
        }

        this.ticketGrantingTicketCookieGenerator.addCookie(
            WebUtils.getHttpServletRequest(context),
            WebUtils.getHttpServletResponse(context), ticketGrantingTicketId);

        if (ticketGrantingTicketValueFromCookie != null &&
            !ticketGrantingTicketId.equals(ticketGrantingTicketValueFromCookie)) {
            this.centralAuthenticationService
                .destroyTicketGrantingTicket(ticketGrantingTicketValueFromCookie);
        }

        return success();
    }

I wonder if the multiple-tab issue is complicating matters such that
the cookies of the closed tab aren't sent to the server upon
reauthentication in the other tab. That's the only way I can explain
the behavior you've noted. Can you capture the Web request traffic
for the workflow you described above using a proxy or similar tool?
We only need the headers for each request and response.
M
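
Added example, not part of the original message and not CAS project code: a header-only check of a captured session that flags each response issuing a new CASTGC when the request did not carry the previous one, which is the case where the action above has no old ticket id to destroy. The capture layout, URLs and ticket values are constructed for illustration.

```python
from http.cookies import SimpleCookie

COOKIE = "CASTGC"  # ticket-granting cookie name used in the thread

# Constructed sample capture (not real traffic): (url, request headers,
# response headers) in the order the browser sent them.
CAPTURE = [
    ("/cas/login", {"Cookie": "JSESSIONID=a1"},
     {"Set-Cookie": "CASTGC=TGT-1-constructed; Path=/cas; Secure"}),
    ("/cas/login", {"Cookie": "JSESSIONID=a1; CASTGC=TGT-1-constructed"}, {}),
    # Re-authentication from the other tab: the CASTGC cookie is missing.
    ("/cas/login", {"Cookie": "JSESSIONID=b2"},
     {"Set-Cookie": "CASTGC=TGT-2-constructed; Path=/cas; Secure"}),
    ("/cas/login", {"Cookie": "JSESSIONID=b2; CASTGC=TGT-2-constructed"},
     {"Set-Cookie": "CASTGC=TGT-3-constructed; Path=/cas; Secure"}),
]


def cookie_value(header, name=COOKIE):
    """Return the named cookie's value from a Cookie/Set-Cookie header, or None."""
    if not header:
        return None
    jar = SimpleCookie()
    jar.load(header)
    return jar[name].value if name in jar else None


def audit(capture):
    """Flag each newly issued TGT whose predecessor was not sent in the request.

    Returns (index, url, orphaned_tgt, new_tgt) tuples. An orphaned TGT is one
    the server could not have destroyed from the cookie value, because the
    browser never presented it on the request that produced the new ticket.
    """
    findings = []
    current = None  # TGT the browser was most recently given
    for index, (url, request, response) in enumerate(capture):
        sent = cookie_value(request.get("Cookie"))
        issued = cookie_value(response.get("Set-Cookie"))
        if issued is None or issued == sent:
            continue
        if issued == "":          # cookie cleared, e.g. on logout
            current = None
            continue
        if current is not None and sent != current:
            findings.append((index, url, current, issued))
        current = issued
    return findings


if __name__ == "__main__":
    for index, url, old, new in audit(CAPTURE):
        print(f"exchange {index} {url}: {new} issued, {old} not presented")
```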