Hi Everyone,
I am facing this strange bug regarding JSESSIONID. The symptom is that you
have to put your username and password twice, where one login attempt works
but the other one does not.
1. When I try to log in to CAS and there is no existing JSESSIONID, the
   login works.
2. But if I have a pre-existing JSESSIONID, then the login attempt is
   answered with a 302 redirect with a Set-Cookie header. With the new
   JSESSIONID, the second login attempt works until we log out.
It is making me believe that for some reason, CAS cannot access the
JSESSIONID.
I have also verified that this error is related to session variables by
using URLs instead of cookies for session management. If I set

    <session-config>
        <!-- Default to 5 minute session timeouts -->
        <session-timeout>5</session-timeout>
        <tracking-mode>URL</tracking-mode>
    </session-config>

in my web.xml to force JSESSIONID to be passed as part of the URL, then the
login works without any error.
I am using CAS version 3.5.2, Apache Tomcat 7.0.37 and Java 1.7 on Debian
Linux.
Has anyone faced an issue like this?
Thanks,
Mahmudul Hasan
System Engineer,
University of Lethbridge.