Are your CAS nodes behind a load balancer? Is it configured to do sticky sessions? What is the length of its "timeout" period?
Misagh ----- Original Message ----- From: "Corin Lawson" <[email protected]> To: [email protected] Cc: [email protected], [email protected], [email protected] Sent: Wednesday, December 18, 2013 11:23:41 PM Subject: Re: [cas-user] Strange bug with JSESSIONID Hi, I am facing these same symptoms (i.e. you have to put your username and password twice). I have tried both suggestions here (changing tracking-mode and/or removing the page session in top.jsp) but to no avail. The only solution I have is to clear my browser cache, which is no solution at all. I am using CAS version 3.5.2, Jetty 9.1.0 and Java 1.7.0_45 on Ubuntu 10.04.4 (lucid). Please help! Cheers, Corin. On Thursday, June 27, 2013 11:33:11 PM UTC+10, Russ Baker wrote: We had this exact same problem and this issues was discussed previously on another blog. It boiled down to an entry in “WEB-INF/view/jsp/default/ui/includes/top.jsp” where the session was being created each time. In top.jsp, there is a directive “<%@ page session="true" %>”. Change that to false or completely remove it and that should solve it. From: Mahmudul Hasan [mailto: [email protected] ] Sent: Wednesday, June 26, 2013 5:38 PM To: [email protected] Subject: [cas-user] Strange bug with JSESSIONID Hi Everyone, I am facing this strange bug regarding JSESSIONID. The symptom is that you have to put your username and password twice, where one login attempt works but the other one does not. 1. When I try to login to CAS and there is no existing JSESSIONID, the login works. 2. But if I have a pre-existing JSESSIONID, then login attempt is responded by a 302 redirect with a SET-Cookie header. With the new JSESSIONID second login attempt works until we logout. It is making me believe that for some reason, CAS cannot access the JSESSIONID. I have also verfied that this error is related to session variables by using URLS instead of cookies for session management. If I set <session-config> <!-- Default to 5 minute session timeouts --> <session-timeout>5</session-timeout> <tracking-mode>URL</tracking-mode> </session-config> in my web.xml to force to pass JSESSIONID as part of URL, then the login works without any error. I am using CAS version 3.5.2, Apache Tomcat 7.0.37 and Java 1.7 on Debian Linux. Has anyone faced an issue like this ? Thanks, Mahmudul Hasan System Engineer, University of Lethbridge. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
