Thanks Mateusz and David!

On Nov 15, 2012 11:25 AM, "Ohsie, David" <[email protected]> wrote:
> Adding just a bit more...
>
> Can TGT expiration be pushed back due to client activity?
>
> Yes, you can set the separate "idle" and "hard" timeout for TGTs:
>
> https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml
>
> <!-- TicketGrantingTicketExpirationPolicy: Default as of 3.5 -->
> <!-- Provides both idle and hard timeouts, for instance 2 hour sliding
>      window with an 8 hour max lifetime -->
> <bean id="grantingTicketExpirationPolicy"
>       class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
>       p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:28800}"
>       p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>
>
> Once a client trades in an ST for a session, that session timeout is
> controlled by whoever is controlling the session. For example,
> mod_auth_cas has the following:
>
> https://github.com/Jasig/mod_auth_cas/blob/master/README
>
> Directive:   CASTimeout
> Default:     7200 (2 hours)
> Description: This is the hard limit, in seconds, for a mod_auth_cas
>              session (whether it is idle or not). When a session has
>              reached this age and a new request is made, the user is
>              redirected to the CASLoginURL to obtain a new service
>              ticket. When this new ticket is validated, they will be
>              assigned a new mod_auth_cas session. Set this value to '0'
>              in order to allow a non-idle session to not expire.
>
> Directive:   CASIdleTimeout
> Default:     3600 (1 hour)
> Description: This is a limit, in seconds, of how long a mod_auth_cas
>              session can be idle. When a request comes in, if it has
>              been inactive for CASIdleTimeout seconds, the user is
>              redirected to the CASLoginURL to obtain a new service
>              ticket.
>
> RememberMe page which is mentioned below by Mateusz:
>
> https://wiki.jasig.org/display/CASUM/Remember+Me
>
>
> David Ohsie
> EMC Corporation
>
> -----Original Message-----
> From: Szczap, Mateusz [mailto:[email protected]]
> Sent: Thursday, November 15, 2012 3:25 AM
> To: [email protected]
> Subject: AW: [cas-user] What is the best way to handle CAS session timeout?
>
> 1. Yes, each client has its own TGT stored as TGC (Ticket Granting
>    Cookie) in a secure domain (https)
> 2. If I am not mistaken, if you are not asking for new ST (Service
>    Ticket), TGT will expire after a configurable TGT timeout, which by
>    default is 8 hours but it is configurable.
> 3. It is a browser cookie and for security reasons it is removed after a
>    browser restarts (it is a non persistent cookie). Take a look at
>    "remember me" functionality, I think CAS supports this.
>
> PS.
> I am still a new user to CAS but probably it is better to answer you than
> you are left without any answer to your problem.
> ________________________________________
> From: Jonathan [[email protected]]
> Sent: Thursday, November 15, 2012 02:51
> To: [email protected]
> Subject: [cas-user] What is the best way to handle CAS session timeout?
>
> The setup is 1 CAS server and 2 CAS clients.
> The user has been active on client 1, but has not been active on client 2.
>
> Does each client have its own TGT?
> Can TGT expiration be pushed back due to client activity?
>
> As for TGT, does this have to be a browser session cookie, or can TGT be
> configured so that it can last even after the browser restarts?
>
> Thanks
> Jonathan
> --
> You are currently subscribed to [email protected] as:
> [email protected] To unsubscribe, change settings or access
> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
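
Added example, not part of the original thread and not CAS or mod_auth_cas code: a small Python model of how the TGT timeouts and the mod_auth_cas session timeouts quoted above interact for the setup in the question (steady activity on one client, almost none on the other). `Timer`, `simulate`, `logins` and the traffic are hypothetical names and constructed data, and the model assumes the TGT idle timer is reset only when CAS issues a service ticket.

```python
from dataclasses import dataclass

@dataclass
class Timer:
    """One ticket or session with a hard lifetime and an idle window (seconds)."""
    created: int
    last_used: int
    hard: int   # 0 disables the hard limit (CASTimeout semantics from the README)
    idle: int

    def expired(self, now):
        hard_hit = self.hard > 0 and now - self.created >= self.hard
        return hard_hit or now - self.last_used >= self.idle

def simulate(requests, tgt_max=28800, tgt_idle=7200, cas_timeout=7200, cas_idle=3600):
    """requests: (time, client) pairs. Returns (time, client, outcome) events where
    outcome is 'local' (client session reused), 'sso' (new ST from a live TGT)
    or 'login' (TGT gone, credentials required)."""
    tgt, sessions, events = None, {}, []
    for now, client in sorted(requests):
        sess = sessions.get(client)
        if sess and not sess.expired(now):
            sess.last_used = now          # slides only this client's own session
            events.append((now, client, "local"))
            continue
        # Client session missing or expired: redirect to CAS for a new ST.
        if tgt is None or tgt.expired(now):
            tgt, outcome = Timer(now, now, tgt_max, tgt_idle), "login"
        else:
            tgt.last_used = now           # assumption: only ST issuance touches the TGT
            outcome = "sso"
        sessions[client] = Timer(now, now, cas_timeout, cas_idle)
        events.append((now, client, outcome))
    return events

def logins(events):
    """Times at which the user had to present credentials again."""
    return [t for t, _, outcome in events if outcome == "login"]

# Constructed traffic: a click on client1 every 7 minutes for 4 hours,
# one early visit to client2 and a return to it after 2.5 hours.
TRAFFIC = [(t, "client1") for t in range(0, 14400, 420)] + [(60, "client2"), (9000, "client2")]

if __name__ == "__main__":
    for label, kw in (("defaults", {}), ("CASTimeout=3600", {"cas_timeout": 3600})):
        ev = simulate(TRAFFIC, **kw)
        print(label, "-> credential prompts at", logins(ev))
        print("   client2:", [(t, o) for t, c, o in ev if c == "client2"])
```

With the defaults quoted in the thread the model reports a second credential prompt at 7560 s despite steady activity on client1, because the client session's 7200 s hard limit and the TGT's 7200 s idle window lapse together. With CASTimeout set to 3600 the client returns to CAS often enough that the TGT window keeps sliding and only the first prompt remains.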
