We have a vendor using phpCAS to implement SSO with our CAS server. They created a custom login page to handle CAS. Login works fine, but logout is currently an issue. Currently when we logout, phpCAS::logout() is called and we are redirected to the CAS logout page. When I try to go to any URL within the application, I'm not logged in. When I go to another CAS enabled application, I am not logged in.
But when I go back to the custom CAS login page, I am logged back in without being prompted for login credentials. No interaction occurs between the application and the CAS servers, so it is all within the client and the application at this point of re-entry. Is this acceptable behavior for CAS, or is there something more that needs to be done to be fully logged out of the application? Thanks, Ben -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
