Hi Madhavi, On Jun 2, 2011, at 2:44 PM, Madhavi Polisetty wrote:
> Andy, > > Thank you for your response. > My issue with the approach you suggested is, if the user comes back and does > not click on anything on that screen and directly types in a URL for another > CASified application under the same CAS server > > Then since the TGT is still valid, the user will be able to access the new > application without any issue. > > If I could somehow take action on the logout right away after the session > timeout, I will not run into the above problem. The TGT is only known to the CAS server and the user. In the CAS protocol, there's no way for your application to log out on behalf of the user -- the user has to visit the logout page with her browser. Rhett > > Thanks > Madhavi > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
