Looking for opinion/experience/knowledge: Is it common for a web app using gateway mode to hit the CAS server on every click of a CAS-protected site when the user has no CAS session?
This seems a waste of CAS server resources to keep checking just in case the user authenticated through some other channel, especially very busy sites (we have one of these). If that's not the design intent, what might the proper use of gateway in this context be? Maybe check once, mark locally as "unauth" if not authenticated and not hit the server again until the user explicitly clicks a Login URL? Thanks. Tom. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
