Hi, I use CAS Client version 3.2.0. I configured the SingleSignOutHttpSessionListener and SingleSignOutFilter in the "web.xml" file for achieving single signout.
This is working as expected. However, I have a small concern about the design. The HashMapBackedSessionMappingStorage is actually storing the entire session object in the Map. Our application is expected to have very high usage and heavily loaded session. The design here to store the actual session object in the memory is going to be expensive. Am I missing something? is there another explanation to how this won't be an issue in high usage apps? As an alternative, I am thinking of building custom design around the same concept except for storing the session itself.Since all the classes in this area are "final", I have to build a whole new class instead of overriding the existing. The Hashmap will store the session Id and a flag to indicate if the session has received "logout" notice from the CAS server. After a session is marked as "LOGOUT" in the Hashmap, whenever the user makes the next server request the single signout filter will catch it and invalidate the session. I am wondering if this kind of requriement ever came up and by any chance implemented in any other flavor of CAS Client. Thank you Madhavi -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
