Hi Zhengjian It sounds to me like only the session to your webapp expired, but the session with CAS did not expire yet, hence you won't receive a new ticket by CAS. Closing the browser does not help, because you probably receive a persistent cookie from CAS.
You can verify that by looking at the cookies and accessing your CAS server directly whether the session still exists. In order to solve this problem, I guess you either have to make the session expiry of CAS shorter than the one of your webapp, or that your webapp logouts from CAS when the session of your webapp expires. HTH Michael Am 18.12.14 um 11:14 schrieb zjzhao: > Hi Michael, > I am using spring-security and cas. and the problem happens if I logged > in with user1, and aftre 30minutes it logs out automatically. then I tried to > log in with user2. so I get in the log, user 2 authentication success, then > user1 SERVICE_TICKET_NOT_CREATED. as you can see in the log. so that mean > the user1 is still in the session, even I close the browser... > > Best Regards, > Zhengjian > > Michael Wechner <[email protected]> 在 Thu, 18 Dec 2014 06:38:26 写道: >> I am not sure I understand, are you saying the same person tries to >> authenticate with a different username (but with the same browser session)? >> If so, have you tried logging out first? >> >> HTH >> >> Michael >> >> Am 18.12.14 um 06:52 schrieb zjzhao: >>> ============================================================= >>> WHO: admin+password >>> WHAT: supplied credentials: [admin+password] >>> ACTION: AUTHENTICATION_SUCCESS >>> APPLICATION: CAS >>> WHEN: Thu Dec 18 12:36:35 CST 2014 >>> CLIENT IP ADDRESS: 114.243.75.143 >>> SERVER IP ADDRESS: 10.0.0.31 >>> ============================================================= >>> >>> 2014-12-18 12:36:35,339 INFO >>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >>> trail record BEGIN >>> ============================================================= >>> WHO: dzjc >>> WHAT: http://211.157.186.173:1403/miit_jsi/j_spring_cas_security_check >>> ACTION: SERVICE_TICKET_NOT_CREATED >>> APPLICATION: CAS >>> WHEN: Thu Dec 18 12:36:35 CST 2014 >>> CLIENT IP ADDRESS: 114.243.75.143 >>> SERVER IP ADDRESS: 10.0.0.31 >>> >>> >>> hi, here is the log, it seems it will authenticates with the new user but >>> keeps the old user name when validate... >>> >>> >>> >>> >>> -------- Forwarded Messages -------- >>> From: Michael Wechner <[email protected]> >>> To: [email protected] >>> Subject: Re: [cas-user] SERVICE_TICKET_NOT_CREATED anyone has any idea why >>> this happen? >>> >>> >>> what does the log file cas.log say? >>> >>> Am 17.12.14 um 13:52 schrieb zjzhao: >>>> anyone had same problem? >>>> >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
