I'm receiving reports from IE users that sometimes they experience the same "login form reset" issue as explained here:
http://jasig.github.io/cas/4.0.0/installation/Troubleshooting-Guide.html#login-form-clearing-credentials-on-submission I was able to confirm this when running CAS (3.5.2.1) locally on my machine. About 50% of the time, logins work in IE, and 50% of the time they don't, and the form just resets. So I modified my web.xml session-timeout to be -1 (indefinite) to test (the recommended solution in the link above), and that didn't work. I then started tracking the difference between browser cookies for both successful and failed authentications. When IE works (roughly 50% of the time), I have the following cookies: Direction Key Value Expires Domain Path Secure HTTP only =================================================================================================================== Sent TLTUID F9721979469C50D908BB469733B0D9ED Sent JSESSIONID E4B9D3127F482DE165A0D7CE0DBF1734 Received CASPRIVACY "" Thu, 01-Jan-1970 00:00:10 GMT / No No Received CASTGC TGT-9-NtkvfctEaM2xx4UEsmwsyeBwLG... At end of session / Yes No However, when IE doesn't work (again, roughly 50% of the time), I will only see something like: Direction Key Value Expires Domain Path Secure HTTP only =================================================================================================================== Sent JSESSIONID E4B9D3127F482DE165A0D7CE0DBF1734 Does this mean anything to anyone? What would cause the CASTGC, TLTUID and CASPRIVACY cookies to not be set sometimes, and why would this only be specific to IE? This behavior does not happen with Chrome, FF or Safari. What's the fix? Thanks! -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
