hi, you get 2 cookies. one with jsessionid from tomcat(this one is not really important for cas) and one TGT-Cookie from CAS. If you log in the you will get a TGT-Cookie from CAS. If you contact your CAS-Server later, the he will search for this cookie. If it exists and if it is not expired, then he recognizes you (your browser) as a logged-in user. For better understanding try this: Open App1 -> log in -> delete the cookies which you got from the CAS-Server -> open App2 If you do this, then you should not get access to App2, because you have delete the TGT-Cookie
regards, stefan qingzhao zheng schrieb: > I have two simple test applications which are casenable.and they don't > have authority mechanism. > when I use IE browser. I visit app1 in IE browser window1,then I open > a new browser window to visit app2,it ask me to enter > username/password again. If I visit app1 and app2 in the same browser > window ,I only need to enter username/password once. > when I add a link to app2 in the app1 page,when I click the link > ,although it open up a new window to show app2,it doesn't ask > me to enter username/password again. > Why? > Comparing to IE,when I use Mozilla Firefox brower.No matter I visit > the two apps in the same window or in two different browser > windows ,I only need to enter username/password once. > it confusing me.Does it because cas use session mechanism(I must not > sure cas use cookie or session)? and the above tow browsers have > different implementation to support > session?Is cas designed to let a user access to all casenable > applications if the applicaions themself don't have authority mechanism? > can anyone explain it to me? thank you. > qingzhao > > ------------------------------------------------------------------------ > 雅虎邮箱,您的终生邮箱! <http://cn.mail.yahoo.com/> > ------------------------------------------------------------------------ > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
