> My problem is that when the http session of service app B times out the CAS > hosted login prompt is being rendered in the iframe.
That would happen for one of two reasons: 1. CAS SSO session has expired 2. Browser is not sending CASTGC cookie containing TGT to CAS server > When the session times out for B the CAS TGT is still valid. That seems to rule out #1, so I'd concentrate on #2. There are tools to dump the servlet request to a log file [1], which would help confirm or refute the cookie hypothesis. M [1] http://code.google.com/p/vt-middleware/wiki/vtservletfilters#RequestDumperFilter -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
