Thanks for the replies.
Some follow-on observations and test results. * We are logging out using the .NET CAS client method CasAuthentication.SingleSignOut(); * We have also tested by logging out from our application, and then manually visiting the cas/logout URL using HTTPS. This reports that we are logged out, but we are then able to login again without having to enter credentials. * Nancy, are you suggesting that we add those meta tags to the CAS login page, or our website? Kind regards, Richard From: J. Tozo [mailto:[email protected]] Sent: 05 February 2014 19:56 To: [email protected] Subject: Re: [cas-user] Unexpected auto login with CAS Hi, make sure you have logged out though HTTPS On Wed, Feb 5, 2014 at 5:27 PM, Nancy Snoke <[email protected] <mailto:[email protected]> > wrote: I believe that in IE8 if the cache option is set to automatic, then IE8 will ignore cache-control set to no-cache, and cache it anyway. You may have to tweak the page a bit but you probably need something like: <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" /> <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Expires" content="0" /> Nancy From: Richard Everett [mailto:[email protected] <mailto:[email protected]> ] Sent: Wednesday, February 05, 2014 11:13 AM To: [email protected] <mailto:[email protected]> Cc: 'Everett,Richard' Subject: [cas-user] Unexpected auto login with CAS Hello, Are using CAS 3.5.2 and have an issue whereby users can login without entering their credentials, as follows: * User logs in (entering their credentials) * User logs out * User goes to log in again, but instead of being presented with the CAS login screen they get logged back in This is happening very occasionally for our users, but on one PC in IE8 it happens every time for any user who logs in. We have studied the HTTP traffic when we see the issue on this one PC and cannot see anything significant that would help us figure out what is going on. In case it is relevant, our application is based on .NET, and were using the .NET CAS Client. Can anyone suggest what might be amiss? Kind regards, Richard -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- Grato, J. Tozo _ °v° /(S)\ SLACKWARE ^ ^ Linux _____________________ because it works -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
