Is there a reason you're not checking the session at all?
-Scott On 3/29/07, webzo <[EMAIL PROTECTED]> wrote:
I may need to add manual login to my webapp (meaning, not use the web.xmlmethod or jsp tag library). Just to be sure that I am covering all bases, I have described the logic I have used below. Can someone confirm that it sounds ok? Say there are 2 pages, Page1 and Page2. There is a link to Page2 from Page1. Basically, I want to make sure that whether the user goes to Page2 via Page1 or directly, he is always going to be authenticated. So, here is the logic that EVERY page executes- Get ticket parameter if ticket is null redirect to CAS login with renew=FALSE Get ticket parameter validate ticket if user is authenticated display page else redirect to CAS with renew=TRUE I am mostly concerned about passing renew=FALSE the first time because that makes CAS reuse a previous SSO session. I think I need to do this because if the user gets to Page2 from Page1, then ticket will be null. But I should not require the user to sign in again because he just did to enter Page1. If there is no ticket and I redirect to CAS with renew=false, I will be REQUIRED to login- is that a correct statement? Thanks for your time. ------------------------------ Need Mail bonding? Go to the Yahoo! Mail Q&A<http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTEwOARfcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&sid=396546091>for great tips from Yahoo! Answers<http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTEwOARfcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&sid=396546091>users. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
-- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
