On 13-09-10 10:58 AM, Scott Battaglia wrote:
Trenton,
Do you know if the session is expiring? Our sessions only last 5
minutes and there is also a terminate session listener thing (that's
clearly not the technical term but I don't have the code handy at work :-))
I don't think so. The timeout is 7200 by default, and we haven't
changed the default.
Scott
On Tue, Jul 30, 2013 at 7:14 PM, Trenton D. Adams <[email protected]
<mailto:[email protected]>> wrote:
Hi Guys,
I've tried a bunch of things with setting session attributes in CAS,
but none of them seem to work. I have a problem where our redirect
to our password management application works, but the user hits the
back button and is then immediately redirected to the service they
wanted to access, without being forced to change their password to
match our rules.
What I'd like to do, to solve this, is store a session variable
indicating that they failed during authentication. Then, when the
password manager redirects them back through CAS again, to get to
their service, it will pass a parameter indicating that their
session may continue. I'm not worried about people hacking that,
and putting it in manually. I just want to prevent most users from
hitting the back button.
All of these work until you've proceeded to the service, but then
the attribute is wiped, and is not seen when you return to CAS.
This one works temporarily, presumably because CAS doesn't use a
servlet container session.
final HttpServletRequest request;
request =
(HttpServletRequest)context.__getExternalContext().__getNativeRequest();
HttpSession session = request.getSession();
Same here...
context.getExternalContext().__getGlobalSessionMap().put("__autest",
"test value");
Same here...
context.getExternalContext().__getSessionMap().put("autest", "test
value");
Same here...
context.getFlowScope().put("__autest", "test value");
My class was defined as...
public class LoginChecksAction extends AbstractAction
I attempted the above in doExecute(), and used a web flow execution
listener to log the information on every request, to see if it's
working.
Thanks.
--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Navy Penguins at your service!
Athabasca University
(780) 675-6195 <tel:%28780%29%20675-6195>
:wq!
--
This communication is intended for the use of the recipient to
whom it
is addressed, and may contain confidential, personal, and or
privileged
information. Please contact us immediately if you are not the
intended
recipient of this communication, and do not copy, distribute, or
take
action relying on it. Any communications received in error, or
subsequent reply, should be deleted or destroyed.
---
--
You are currently subscribed to [email protected]
<mailto:[email protected]> as: [email protected]
<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/__display/JSG/cas-user
<http://www.ja-sig.org/wiki/display/JSG/cas-user>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Navy Penguins at your service!
Athabasca University
(780) 675-6195
:wq!
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
