Hi, Some days ago I was been doing some tests with the ticket expiration.
What I have found is that if you have the jsession still available you will be able to access to your protected resource. If the jsession cookie is deleted or expired a new jsession will be created as long as your TGT ticket (and your TGT cookie) is valid. Our idea is to reduce to the maximun the living time of the CAS session or jboss session. Do the following test to verify that the jsession cookie is not interfering with your expiration test. Once you know you ticked have expired, go to the browser and remove the jsession cookie and try now. If the ticked is really expired wou should be redirected to the login screen. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
