> We've not been very effective in educating our users about the distinct > nature > of CAS sessions and application sessions. I'm sure some users know they are > distinct, others think they are the same and others think they are both > distinct and the same simultaneously. The situation is not helped by some > client applications redirecting to the CAS logout page and others always > using > renew=true so the user can get quite mis-leading messages. > We had no such problems with users. Our architecture is that we have one entry point - page that lists available applications. On this page there is also 'Logout' button that redirects to CAS logout page. Every application has button 'Close' that causes that user is logged out of this application (session.invalidate()) and redirected to start page (one with applications list). Then, if user still wants to logout he may simply click Logout link. If he wants to enter to different application he just selects this from the list. It works good for us and is understood by the users. Although there may be use cases when there are direct jumps between aplications etc. and in general this architecture assumes that user always properly closes the applications.
-- Maciej Wisniowski _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
