[cas-dev] Session confusion with CAS use
David Whitehurst
dlwhitehurst at gmail.com
Mon Jul 28 09:21:07 EDT 2008
Thanks guys. I found the cookies using Firefox. It's been a long
time since I've scrutinized things at this level, but it's time to
blow the dust off.
Even though I've successfully implemented CAS here, I fight a good
deal of skepticism by using open source.
Sorry for using the wrong list.
David
On 7/28/08, David Whitehurst <dlwhitehurst at gmail.com> wrote:
> 3.1.1
>
> On 7/28/08, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > Which version of CAS are you using?
> >
> > -Scott
> >
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
> >
> >
> > On Mon, Jul 28, 2008 at 8:49 AM, David Whitehurst <dlwhitehurst at gmail.com>
> > wrote:
> > >
> > > I can't seem to determine how session is handled using CAS. I'm using
> > > CAS on a state installation and I'm quite comfortable that the session
> > > is well protected. I've tested favorites, url in another browser,
> > > etc. but I don't see a cookie in c:\Documents and
> > > Settings\dlwhitehurst\Cookies\
> > >
> > > And, I'm not seeing any ids in the URL. And, I can't find hidden
> > > fields. Can someone help me here. I'm trying to clearly understand
> > > how this works and be sure that we're fully protected or at least
> > > understand our risks.
> > >
> > > Thanks,
> > >
> > > David
> > > _______________________________________________
> > > cas-dev mailing list
> > > cas-dev at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> > >
> >
> >
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
>
More information about the cas-dev
mailing list