Hi,
I am wondering what is the significance of the session timeout setting in CAS
web application.
I created CAS war file by making change to the web.xml to contain the following
<session-config>
<session-timeout>2</session-timeout>
</session-config>
I fired request to https://myhost/cas/login and printed the JSESSION ID and the
TGT cookie on the screen.
I waited for the session timeout (2 mins) and then tried the login url again in
the same open browser.
This time the JSESSION ID printed is a new one, but the TGT is same.
I even tried accessing one of the Client apps from same browser to make sure
TGT is capable of generating an ST and it worked fine.
In this case I am using DefaultTicketRegistry so the tickets are not persisted
to any permanent storage device.
My question is, how did CAS retrieve the TGT after the CAS web application
session has timed out? What effect does the timeout setting have in CAS
authentication process?
Thanks
Madhavi
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
