Hi,

Thanks for sharing. The TerminateWebSessionListener is a great mechanism to
limit memory consumption, but it can sometimes cause trouble with some
specific configurations.

Invalidating the session directly doesn't work, so that's why the session is
marked to expire after x seconds. I'm surprised it works with 0 seconds; I
think it generates issues when set too low.

Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org


2014-08-22 19:38 GMT+02:00 John Gasper <jgas...@unicon.net>:

>  Hey all,
>
> I wanted to share an issue I found and the fix so that perhaps someone in
> the community can benefit. Moodle's CAS auth code (in version 2.6 and
> likely others) requests a gateway authN request immediately before
> requesting the standard authN request. In theory this causes two Java web
> sessions to be created and ended, but in some cases (when the request and
> responses have little latency) the first session hasn't ended yet because
> it's on a 2 second delay before exploding.
>
> In this latter case, the Login form is shown and the session expires while
> the user is typing in their credentials.
>
> The fix from the CAS Server side is actually pretty simple. In the
> cas-servlet.xml file, the terminateWebSessionListener bean's
> timeToDieInSeconds property needs to be set to zero (0), like this:
>
> <bean id="terminateWebSessionListener"
>       class="org.jasig.cas.web.flow.TerminateWebSessionListener"
>       p:serviceManagerUrl="${cas.securityContext.serviceProperties.service}"
>       p:timeToDieInSeconds="0" />
>
> Then the session dies immediately after the webflow ends instead of
> waiting two seconds. I don't know if there is a downside to making this
> change or not, but so far it has worked for two client applications (one
> Moodle and one was custom).
>
> If someone wants to see a detailed explanation of what is going on, then
> you can see my blog posting at
> https://www.unicon.net/about/blog/moodles-race-with-cas-server.
>
> --
> *John Gasper*
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
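
A simplified timing model of the race described in this thread, added here as an illustration; it is not CAS, Moodle or servlet-container code. The `Session` and `Container` classes, the 30-minute default timeout, the reuse of the session cookie by the browser and the request timings are assumptions, and `time_to_die == 0` is modelled the way the thread describes it (the session ends as soon as the webflow ends).

```python
from dataclasses import dataclass

DEFAULT_TIMEOUT = 1800.0  # assumed container default session timeout (seconds)


@dataclass
class Session:
    sid: int
    last_access: float
    max_inactive: float = DEFAULT_TIMEOUT
    dead: bool = False

    def alive(self, now: float) -> bool:
        return not self.dead and (now - self.last_access) < self.max_inactive


class Container:
    """Hypothetical stand-in for the servlet container's session store."""

    def __init__(self):
        self.sessions = {}
        self.next_id = 1

    def get_session(self, cookie, now: float) -> Session:
        s = self.sessions.get(cookie)
        if s is not None and s.alive(now):
            s.last_access = now          # a request refreshes the idle timer
            return s
        s = Session(self.next_id, now)   # unknown or expired cookie: new session
        self.sessions[s.sid] = s
        self.next_id += 1
        return s


def end_webflow(session: Session, time_to_die: float) -> None:
    """Model of the listener: 0 ends the session now, otherwise it is marked to expire."""
    if time_to_die == 0:
        session.dead = True
    else:
        session.max_inactive = time_to_die


def login_form_survives(time_to_die: float, gap: float, typing_time: float) -> bool:
    """True if the session that rendered the login form still exists at submit time."""
    c = Container()
    gateway = c.get_session(None, 0.0)        # 1. gateway authN request, flow ends
    end_webflow(gateway, time_to_die)
    form = c.get_session(gateway.sid, gap)    # 2. standard authN request, same cookie
    submit = c.get_session(form.sid, gap + typing_time)  # 3. credentials posted
    return submit.sid == form.sid
```

With a 2-second delay and a 0.3-second gap between the two requests, the login form inherits the dying session and the submit arrives on a different one; a gap longer than the delay, or a delay of 0, gives the form a fresh session.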
