Hi all, And what about destroying the session in the web container (ie Tomcat)? Wouldn't it be enough?
Cheers 2013/1/28 jleleu <[email protected]> > Hi, > > If you want to remove a cookie from a client app, you cannot rely on the > default CAS SLO. You need front channel logout requests. > > So, I would customize the CAS SLO by integrating invisible images (in the > CAS logout page) pointing to application logout urls (extra parameter for > each CAS service) from where you can destroy all the cookies you want. It > will work unless you have a cluster and no session affinity. > > Best regards, > Jérôme > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
