[cas-dev] Remember Me login
March, Andres
amarch at soe.sony.com
Tue Dec 12 18:14:26 EST 2006
I'm implementing a Remember Me (Save Password) feature and want to make the cookie have a variable lifespan: browser session if they don't choose "Remember Me" or 3 months if they do. However, my plan to substitute my own implementation for TicketGrantingTicketImpl is not possible because it is currently instantiated in a concrete fashion in the CentralAuthenticationServiceImpl rather than using a factory. Any ideas?
________________________________
From: cas-dev-bounces at tp.its.yale.edu [mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
Sent: Friday, November 17, 2006 10:59 AM
To: Mailing list for CAS developers
Subject: Re: [cas-dev] Remember Me login
Well TicketGrantingTickets themselves have a life-expectancy of whatever time you decide. It can be short or long. The key is making sure the cookie expiration time matches up with the TicketGrantingTicket expiration time.
Cookies only store the TicketGrantingTicket identifier.
-Scott
On 11/17/06, Alan D. Cabrera < alan.cabrera at simulalabs.com <mailto:alan.cabrera at simulalabs.com> > wrote:
Does anyone have any thoughts on my comments? Arnaud?
Regards,
Alan
On Nov 15, 2006, at 12:13 PM, Alan D. Cabrera wrote:
Do I understand the code correctly when I say that you store the ticket in a cookie? IIUC, won't the ticket expire after a short while?
Regards,
Alan
On Nov 15, 2006, at 10:15 AM, Arnaud Lesueur wrote:
Hi,
I have already open an issue in JIRA few months ago on this request and I also put my code as attachement. This
available here : http://www.ja-sig.org/issues/browse/CAS-366
If you think, this feature is usefull please vote for it !
Arnaud Lesueur
Le Mer 15 novembre 2006 18:47, Jack Tang a écrit :
Hi Alan
Can you share the code with me? I am now hacking the some problem.
Thank you very much.
/Jack
On 11/10/06, Alan D. Cabrera < alan.cabrera at simulalabs.com <mailto:alan.cabrera at simulalabs.com> > wrote:
On Nov 9, 2006, at 8:10 AM, Peter Havelaar wrote:
Alan D. Cabrera <alan.cabrera at ...> writes:
We also wish to support "remember me". What we plan on doing is
hacking the
CASFilter so that we store an encrypted token in a cookie. Its
format will be:
userid:expiration:salt
If the CASFilter sees this cookie, it will refresh the session
variables.
We also intend to modify the CAS login code to include
cas.remember URL
parameter which would instruct the filter to construct the token.
That is great!
When are these changes scheduled to be performed?
Well, we're making these changes internally this week. I am happy to
submit the code back to the community. Can anyone on the team comment?
Regards,
Alan
Alan D. Cabrera
VP Engineering
Simula Labs - The Open Source Venture Partners
p: +1 510 225 5588 f: +1 800 822 0471
alan at simulalabs.com www.simulalabs.com
_______________________________________________
cas-dev mailing list cas-dev at tp.its.yale.edu http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________
cas-dev mailing list
cas-dev at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas-dev
Alan D. Cabrera
VP Engineering
Simula Labs - The Open Source Venture Partners
p: +1 510 225 5588 f: +1 800 822 0471
alan at simulalabs.com
www.simulalabs.com
_______________________________________________
cas-dev mailing list
cas-dev at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas-dev
Alan D. Cabrera
VP Engineering
Simula Labs - The Open Source Venture Partners
p: +1 510 225 5588 f: +1 800 822 0471
alan at simulalabs.com
www.simulalabs.com
_______________________________________________
cas-dev mailing list
cas-dev at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20061212/7966ee44/attachment-0001.html
More information about the cas-dev
mailing list