Hi, I'm using CAS v3.4.11, and mod_auth_cas v1.0.8
I'm trying to figure out how best to logout of the services protected by mod_auth_cas. I don't necessarily want single-sign-out. The apps I have protected by mod_auth_cas have been configured to have logout links that link to https://mycas.server.com/cas/logout However, this is not satisfactory. It prevents the browser/user combo from being able to access a previously unaccessed cas-protected service without re-authenticating thru the cas server. But, it does not prevent the user from going back and continuing to use the service he just meant to log out of. Can someone point me to an example of how to logout/invalidate a mod_auth_cas session? Is that really an application-specific question, or is there something that can be done to apache to invalidate the session? Thanks, Jon -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
