I have a web app consisting of a Backbone-based UI deployed on an Apache web server and a Spring MVC-based REST layer deployed on Tomcat. When CAS is integrated at the REST layer, it becomes complicated. Now I will need to manage the session on both the Apache web server and the Tomcat app server. People have pointed out that a client-side cookie is not very safe to use for session management, and XMLHttpRequest doesn't work well with cross-domain redirects (for example, after the user is logged out by a peer, what will happen if the user clicks on a button to initialize a REST call?). One way to get around this is to deploy the UI at the web app root at the REST layer, but I hate doing this, as every UI change will require a WAR file rebuild and a server restart.
Any suggestion? Thanks a lot!

Brandon
