Real logout?

Jean-Noel Colin jn.colin at gmail.com
Mon Sep 4 14:01:23 EDT 2006 

Scott Battaglia <scott.battaglia at ...> writes:

> 
> 
> Using the CAS logout url merely logs you out of CAS.  However you have
probably not ended whatever session that mod_cas has created.  I'm not sure if
mod_cas provides a "logout" or not.-Scott
> 
> On 9/4/06, Jean-Noel Colin <jn.colin at gmail.com>
wrote:
> HiI have a protected Apache resources using mod_cas; login works fine, with
properredirection. However, if I then go to the CAS logout screen and log out, I
canstill access my protected resources. I know the logout screen states that for
> security reasons, the browser window should be closed. So does that mean
thelogout function does not work?RegardsJean-Noel
Colin_______________________________________________Yale CAS mailing list
>
cas at tp.its.yale.eduhttp://tp.its.yale.edu/mailman/listinfo/cas
> 
> 
> 
> 
> 
> <div>
> <p>Using the CAS logout url merely logs you out of CAS.  However you have
probably not ended whatever session that mod_cas has created.  I'm not sure
if mod_cas provides a "logout" or not.<br><br>-Scott<br><br></p>
> <div>
> <span class="gmail_quote">On 9/4/06, Jean-Noel Colin <<a
href="mailto:jn.colin at ...">jn.colin at ...</a>> wrote:</span><blockquote
class="gmail_quote">
> Hi<br><br>I have a protected Apache resources using mod_cas; login works fine,
with proper<br>redirection. However, if I then go to the CAS logout screen and
log out, I can<br>still access my protected resources. I know the logout screen
states that for
> <br>security reasons, the browser window should be closed. So does that mean
the<br>logout function does not work?<br><br>Regards<br><br>Jean-Noel
Colin<br><br>_______________________________________________<br>Yale CAS mailing
list
> <br><a href="mailto:cas at ...">cas at ...</a><br><a
href="http://tp.its.yale.edu/mailman/listinfo/cas">http://tp.its.yale.edu/mailman/listinfo/cas</a><br>
> </blockquote>
> </div>
> <br>
> </div>
> 


Scott,

If I'm really logged out of CAS, how come I can still access the protected
section on Apache? I guess there's still the redirect from Apache to CAS to
check the validity of the ticket; how come the ticket is still valid? 

Cheers

Jean-Noel

More information about the cas mailing list