We are using CAS proxy to connect Roundcube webmail client to our IMAP server. For this we have a no longer developed phpCAS plugin. If we set CAS to a sliding session window, Roundcube's repeated requests for proxy tickets will keep the CAS session active indefinitely until the browser is closed. When setting CAS to a hard time out (say 8h), Roundcube opts to use an expired PT, which in turn results in the IMAP proxy (dovecot) using it as a password in LDAP which eventually locks the user's account.
We can modify the plugin to listen for a failed PT request and end the client session. But before we do that, I would like to know what others have done. How do you manage webmail client sessions (or do you)? Do you have a webmail system that handles this gracefully? This behaviour is not limited to webmail so any other perspectives are welcome. Thanks Ray P.S. Roundcube makes a request to check incoming mail every few minutes. Each request gets a new proxy ticket. With a sliding window, CAS extends its session each time. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1543436684.2846.68.camel%40uvic.ca.