On Thu, 2 Jun 2011, Madhavi Polisetty wrote:
Andy,
Thank you for your response. My issue with the approach you suggested
is, if the user comes back and does not click on anything on that screen
and directly types in a URL for another CASified application under the
same CAS server
Then since the TGT is still valid, the user will be able to access the
new application without any issue.
If I could somehow take action on the logout right away after the
session timeout, I will not run into the above problem.
Our portal software (Luminis) has some sort of Javascript counter in the
client's browser that will automatically redirect to the CAS logout when
the session is expired.
I don't think there is a way for your application to logout on behalf of
the CAS user (as Rhett Sutphin said in another email just now).
Andy
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
