Okay, the situation is indeed weird, and i've tracked it down to a degree..
With my app on <server> and cas on <server:otherport>, i can log in and log out of cas without issue (so when i return to app after logout, it asks for user/pass, same with other apps that use cas) With my app on localhost and cas on <server>, the weird error happens that i log out of app, go to <server:otherport> for logout, and return to my localhost app, my iframe containing the cas page on <server:otherport> just logs the user back in. I don't fully know if it's because of localhost-server differences, or because localhost is actually my visual studio debug environment, but in the regular case where i deploy my app, it does work the way it should. To answer the question raised by Andrew: i have to use the iframe way, because of customer requests :-/ I've already set my cookie to be regular http too (not just https) I still need to investigate cas logs, will be for next week.. Thanks for the input already, cheers, Tom On Fri, Sep 23, 2011 at 3:31 PM, Marvin Addison <[email protected]> wrote: >> When I (in the same browser session) return to my app's login page >> (which has an iframe to CAS), CAS immediately logs in again as if it >> were still authorized > > Can you access services without further authentication at CAS? > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
