Actually, now that I look at that file closely, it is clear this is where the invalid session redirect must be inserted.
But I am wondering about a difference between the Spring docs and a forum post on Stack Overflow. Spring makes no mention of needing to add invalidate-session="false" in order to get it to actually redirect to the invalid-session-url page. Anyone have more information on that?

Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity and Access Management
910 Yukon Drive, Suite 103
907-450-8320
Fairbanks, Alaska 99775
[email protected] | www.alaska.edu/oit/

On Wed, Dec 4, 2013 at 2:38 PM, Linda Toth <[email protected]> wrote:

> Hello
>
> I searched the list archives and didn't see any mention of this, soooooo
>
> Due to the recommendations for using CAS with Banner, we are currently
> using 3.4.2.1 with no immediate plans to upgrade.
>
> The documentation seems clear enough for using the
>
> <http>
>   <session-management invalid-session-url="..." />
> </http>
>
> and reminder to use
>
> <http>
>   <logout delete-cookies="JSESSIONID" />
> </http>
>
> I am assuming this would be placed in the securityContext.xml file,
> correct? I am guessing that only because of the <sec:http …> forms I see
> there.
>
> Linda
>
> --
>
> Linda
>
>
> Linda Toth
> University of Alaska - Office of Information Technology (OIT) - Identity
> and Access Management
> 910 Yukon Drive, Suite 103
> 907-450-8320
> Fairbanks, Alaska 99775
> [email protected] | www.alaska.edu/oit/
