Hi Jérôme and Merry Xmas, I can confirm to you that this issue is also happening in prod environment when session is expired (with no logout by user). When trying to re-authenticate, customers were unable to re-authenticate and had to delete cookies or empty cache or close browsers. As i already have mentioned, the workaround to do not use "TerminateWebSessionListener" is working fine. Meanwhile, I have seen that the code has changed in CAS server 4.0.0-SNAPSHOT but I haven't had time to test it yet.
BTW, i've seen that this code snippet has been removed in the current version, was that causing any issues? If that's the case, I opened a ticket for this issue at https://issues.jasig.org/browse/CAS-1243. Thanks for having a look into that. @Override public void sessionStarted(final RequestContext context, final FlowSession session) { final Service service; // Guard against exceptions that arise from attempts to access terminated flow sessions try { service = WebUtils.getService(context); } catch (final IllegalStateException e) { logger.debug("Error getting service from flow state.", e); return; } // If the user has requested a ticket for the service manager application // then tag the session so it is not terminated. if (service != null && service.getId().startsWith(serviceManagerUrl)) { final HttpSession webSession = WebUtils.getHttpServletRequest(context).getSession(false); if (webSession != null) { webSession.setAttribute(DO_NOT_TERMINATE, true); } } } 2012/12/17 jleleu <[email protected]> > Hi, > > That's a very custom scenario. Too bad for me, I'm not using IntelliJ, so > I won't be able to do the same test. > > With Tomcat 7.0 and auto deploy of the web application, I don't have the > problem. > > I imagine you're using auto deploy only for development and not for > production, correct ? > > The TerminateWebSessionListener has changed in CAS server 4.0.0-SNAPSHOT, > do you mind testing your scenario with this version ? > > Thanks, > Jérôme > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
