Ben, I have several PHP applications. The only way that I've found to completely kill the local application session is to explicitly set the local PHP session to null and destroy it, then call the phpCAS::logout() method. This ensures that any additional attempts to log in to the local application require authentication through CAS.
session_destroy() only kills a current session if one has started, so that means that you have the odd requirement of calling session_start() just to call session_destroy() session_start(); session_destroy(); // If you really want to make sure it all dies $_SESSION= null; phpCAS::logout(); Mike On Thu, Feb 19, 2015 at 7:56 AM, Waldbieser, Carl <[email protected]> wrote: > Ben, > > I am not sure, as I don't have the code in front of me at the moment, but > calling phpCAS::logout() essentially should stop the current execution and > redirect you to the logout URL on your CAS server. If you need to work > around a bug, you could probably kill the local session and do the redirect > directly in PHP. > > Thanks, > Carl > > > ----- Original Message ----- > From: "Benjamin Cherian" <[email protected]> > To: [email protected] > Sent: Thursday, February 19, 2015 10:12:45 AM > Subject: Re: [cas-user] Logout using phpCAS > > That's what I thought, but the documentation > (https://wiki.jasig.org/display/CASC/phpCAS+logout), says that the > logout() method will kill the current PHP session. So that assumes they > application does not need to call session_destroy(). But if they do call > session_destroy() before the phpCAS::logout(), will that cause any issues > with the logout? I'd test it out myself, but I don't have access to the > application, nor any current PHP applications to test with at the moment. > > > > > > On 2/19/15, 9:57 AM, "Waldbieser, Carl" <[email protected]> wrote: > > >Ben, > > > >Likely, you also have some kind of PHP session for the application. > > > >=> Generally speaking, logging out of CAS SSO does *NOT* log you out of > >any application sessions. <= > > > >So you might want to clear any normal PHP session prior to calling > >`phpCAS::logout()`. > > > >Thanks, > >Carl Waldbieser > >ITS System Programmer > >Lafayette College > > > >----- Original Message ----- > >From: "Benjamin Cherian" <[email protected]> > >To: [email protected] > >Sent: Thursday, February 19, 2015 9:28:51 AM > >Subject: [cas-user] Logout using phpCAS > > > >We have a vendor using phpCAS to implement SSO with our CAS server. They > >created a custom login page to handle CAS. Login works fine, but logout > >is currently an issue. Currently when we logout, phpCAS::logout() is > >called and we are redirected to the CAS logout page. When I try to go to > >any URL within the application, I'm not logged in. When I go to another > >CAS enabled application, I am not logged in. > > > >But when I go back to the custom CAS login page, I am logged back in > >without being prompted for login credentials. No interaction occurs > >between the application and the CAS servers, so it is all within the > >client and the application at this point of re-entry. > > > >Is this acceptable behavior for CAS, or is there something more that > >needs to be done to be fully logged out of the application? > > > >Thanks, > >Ben > > > >-- > >You are currently subscribed to [email protected] as: > >[email protected] > >To unsubscribe, change settings or access archives, see > >http://www.ja-sig.org/wiki/display/JSG/cas-user > > > >-- > >You are currently subscribed to [email protected] as: > >[email protected] > >To unsubscribe, change settings or access archives, see > >http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- *Michael Seiler* -------------------------------------------------- Systems Integration Engineer Fuller Theological Seminary Phone: (970) 306-6105 [email protected] *Please NOTE:* I respond to email at 8 AM, 1PM, and at 4:30PM. If you need more immediate help, please contact TSS (626.584.5675) and they can route the issue to the appropriate person. If this is a business process life or death emergency, you may call me at the above number. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
