I don't know what mod_cas does exactly but it most likely only checks the service ticket once (since its only valid once) and establishes some form of independent session for the user. This independent session does not rely on whether the user is logged into CAS or not.
-Scott
On 9/4/06, Jean-Noel Colin <[EMAIL PROTECTED]> wrote:
Scott Battaglia <[EMAIL PROTECTED]> writes:
>
>
> Using the CAS logout url merely logs you out of CAS. However you have
probably not ended whatever session that mod_cas has created. I'm not sure if
mod_cas provides a "logout" or not.-Scott
>
> On 9/4/06, Jean-Noel Colin <[EMAIL PROTECTED]>
wrote:
> HiI have a protected Apache resources using mod_cas; login works fine, with
properredirection. However, if I then go to the CAS logout screen and log out, I
canstill access my protected resources. I know the logout screen states that for
> security reasons, the browser window should be closed. So does that mean
thelogout function does not work?RegardsJean-Noel
Colin_______________________________________________Yale CAS mailing list
>
[EMAIL PROTECTED]://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
>
> <div>
> <p>Using the CAS logout url merely logs you out of CAS. However you have
probably not ended whatever session that mod_cas has created. I'm not sure
if mod_cas provides a "logout" or not.<br><br>-Scott<br><br></p>
> <div>
> <span class="gmail_quote">On 9/4/06, Jean-Noel Colin <<a
href="" href="mailto:jn.colin@">jn.colin@...">[EMAIL PROTECTED]</a>> wrote:</span><blockquote
class="gmail_quote">
> Hi<br><br>I have a protected Apache resources using mod_cas; login works fine,
with proper<br>redirection. However, if I then go to the CAS logout screen and
log out, I can<br>still access my protected resources. I know the logout screen
states that for
> <br>security reasons, the browser window should be closed. So does that mean
the<br>logout function does not work?<br><br>Regards<br><br>Jean-Noel
Colin<br><br>_______________________________________________<br>Yale CAS mailing
list
> <br><a href="" href="mailto:cas@">cas@...">[EMAIL PROTECTED]</a><br><a
href="" href="http://tp.its.yale.edu/mailman/listinfo/cas">http://tp.its.yale.edu/mailman/listinfo/cas">http://tp.its.yale.edu/mailman/listinfo/cas </a><br>
> </blockquote>
> </div>
> <br>
> </div>
>
Scott,
If I'm really logged out of CAS, how come I can still access the protected
section on Apache? I guess there's still the redirect from Apache to CAS to
check the validity of the ticket; how come the ticket is still valid?
Cheers
Jean-Noel
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
