That's what I thought, but the documentation (https://wiki.jasig.org/display/CASC/phpCAS+logout) says that the logout() method will kill the current PHP session. So that assumes the application does not need to call session_destroy(). But if they do call session_destroy() before the phpCAS::logout(), will that cause any issues with the logout? I'd test it out myself, but I don't have access to the application, nor any current PHP applications to test with at the moment.

On 2/19/15, 9:57 AM, "Waldbieser, Carl" <[email protected]> wrote:

>Ben,
>
>Likely, you also have some kind of PHP session for the application.
>
>=> Generally speaking, logging out of CAS SSO does *NOT* log you out of
>any application sessions. <=
>
>So you might want to clear any normal PHP session prior to calling
>`phpCAS::logout()`.
>
>Thanks,
>Carl Waldbieser
>ITS System Programmer
>Lafayette College
>
>----- Original Message -----
>From: "Benjamin Cherian" <[email protected]>
>To: [email protected]
>Sent: Thursday, February 19, 2015 9:28:51 AM
>Subject: [cas-user] Logout using phpCAS
>
>We have a vendor using phpCAS to implement SSO with our CAS server. They
>created a custom login page to handle CAS. Login works fine, but logout
>is currently an issue. Currently when we logout, phpCAS::logout() is
>called and we are redirected to the CAS logout page. When I try to go to
>any URL within the application, I'm not logged in. When I go to another
>CAS enabled application, I am not logged in.
>
>But when I go back to the custom CAS login page, I am logged back in
>without being prompted for login credentials. No interaction occurs
>between the application and the CAS servers, so it is all within the
>client and the application at this point of re-entry.
>
>Is this acceptable behavior for CAS, or is there something more that
>needs to be done to be fully logged out of the application?
>
>Thanks,
>Ben
>
>--
>You are currently subscribed to [email protected] as:
>[email protected]
>To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
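
The logout order suggested in the thread (clear the application's own PHP session state, then call `phpCAS::logout()`), as an added example that is not part of the original messages and is not the vendor's or the phpCAS project's code. It assumes `phpCAS::client()` was already configured during application bootstrap; the function name `app_logout` is hypothetical. It leaves the final session teardown to `phpCAS::logout()`, per the documentation statement quoted above.

```php
<?php
// Added example: logout handler for an application that uses phpCAS.
// Assumption: phpCAS::client(...) has already been called in bootstrap code.

function app_logout()
{
    // Make sure the session is open so its contents can be cleared.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    // 1. Drop everything the application stored in the PHP session
    //    (user id, roles, cached profile, and so on).
    $_SESSION = [];

    // 2. Expire the session cookie in the browser, so a stale session id
    //    is not presented again on the next request to the login page.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $p['path'],
            $p['domain'],
            $p['secure'],
            $p['httponly']
        );
    }

    // 3. End the CAS SSO session. This redirects the browser to the CAS
    //    server's logout page and terminates the request, so it must be
    //    the last call in the handler.
    phpCAS::logout();
}

app_logout();
```

After logout, requesting the custom login page with a fresh browser session should redirect to the CAS server for credentials; if the user is still signed in without any request reaching CAS, the application is keeping authentication state somewhere other than the PHP session cleared here.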
