Trenton,

Do you know if the session is expiring? Our sessions only last 5 minutes and there is also a terminate session listener thing (that's clearly not the technical term but I don't have the code handy at work :-))
Scott

On Tue, Jul 30, 2013 at 7:14 PM, Trenton D. Adams <[email protected]> wrote:

> Hi Guys,
>
> I've tried a bunch of things with setting session attributes in CAS, but
> none of them seem to work. I have a problem where our redirect to our
> password management application works, but the user hits the back button
> and is then immediately redirected to the service they wanted to access,
> without being forced to change their password to match our rules.
>
> What I'd like to do, to solve this, is store a session variable indicating
> that they failed during authentication. Then, when the password manager
> redirects them back through CAS again, to get to their service, it will
> pass a parameter indicating that their session may continue. I'm not
> worried about people hacking that, and putting it in manually. I just want
> to prevent most users from hitting the back button.
>
> All of these work until you've proceeded to the service, but then the
> attribute is wiped, and is not seen when you return to CAS.
>
> This one works temporarily, presumably because CAS doesn't use a servlet
> container session.
> final HttpServletRequest request;
> request = (HttpServletRequest)context.getExternalContext().getNativeRequest();
> HttpSession session = request.getSession();
>
> Same here...
> context.getExternalContext().getGlobalSessionMap().put("autest", "test value");
>
> Same here...
> context.getExternalContext().getSessionMap().put("autest", "test value");
>
> Same here...
> context.getFlowScope().put("autest", "test value");
>
> My class was defined as...
> public class LoginChecksAction extends AbstractAction
>
> I attempted the above in doExecute(), and used a web flow execution
> listener to log the information on every request, to see if it's working.
>
> Thanks.
> --
> Trenton D. Adams
> Senior Systems Analyst/Web Software Developer
> Navy Penguins at your service!
> Athabasca University
> (780) 675-6195
> :wq!
