[cas-dev] Session confusion with CAS use

[David Whitehurst]

I can't seem to determine how session is handled using CAS.  I'm using
CAS on a state installation and I'm quite comfortable that the session
is well protected.  I've tested favorites, url in another browser,
etc. but I don't see a cookie in c:\Documents and
Settings\dlwhitehurst\Cookies\

And, I'm not seeing any ids in the URL.  And, I can't find hidden
fields.  Can someone help me here.  I'm trying to clearly understand
how this works and be sure that we're fully protected or at least
understand our risks.

Thanks,

David