Real logout?

Scott Battaglia scott.battaglia at gmail.com
Mon Sep 4 19:30:01 EDT 2006 

Jean-Noel,

I don't know what mod_cas does exactly but it most likely only checks the
service ticket once (since its only valid once) and establishes some form of
independent session for the user.   This independent session does not rely
on whether the user is logged into CAS or not.

-Scott

On 9/4/06, Jean-Noel Colin <jn.colin at gmail.com> wrote:
>
>
> Scott Battaglia <scott.battaglia at ...> writes:
>
> >
> >
> > Using the CAS logout url merely logs you out of CAS.  However you have
> probably not ended whatever session that mod_cas has created.  I'm not
> sure if
> mod_cas provides a "logout" or not.-Scott
> >
> > On 9/4/06, Jean-Noel Colin <jn.colin at gmail.com>
> wrote:
> > HiI have a protected Apache resources using mod_cas; login works fine,
> with
> properredirection. However, if I then go to the CAS logout screen and log
> out, I
> canstill access my protected resources. I know the logout screen states
> that for
> > security reasons, the browser window should be closed. So does that mean
> thelogout function does not work?RegardsJean-Noel
> Colin_______________________________________________Yale CAS mailing list
> >
> cas at tp.its.yale.eduhttp://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> >
> >
> >
> > <div>
> > <p>Using the CAS logout url merely logs you out of CAS.  However you
> have
> probably not ended whatever session that mod_cas has created.  I'm not
> sure
> if mod_cas provides a "logout" or not.<br><br>-Scott<br><br></p>
> > <div>
> > <span class="gmail_quote">On 9/4/06, Jean-Noel Colin <<a
> href="mailto:jn.colin at ...">jn.colin at ...</a>> wrote:</span><blockquote
> class="gmail_quote">
> > Hi<br><br>I have a protected Apache resources using mod_cas; login works
> fine,
> with proper<br>redirection. However, if I then go to the CAS logout screen
> and
> log out, I can<br>still access my protected resources. I know the logout
> screen
> states that for
> > <br>security reasons, the browser window should be closed. So does that
> mean
> the<br>logout function does not work?<br><br>Regards<br><br>Jean-Noel
> Colin<br><br>_______________________________________________<br>Yale CAS
> mailing
> list
> > <br><a href="mailto:cas at ...">cas at ...</a><br><a
> href="http://tp.its.yale.edu/mailman/listinfo/cas">
> http://tp.its.yale.edu/mailman/listinfo/cas</a><br>
> > </blockquote>
> > </div>
> > <br>
> > </div>
> >
>
>
> Scott,
>
> If I'm really logged out of CAS, how come I can still access the protected
> section on Apache? I guess there's still the redirect from Apache to CAS
> to
> check the validity of the ticket; how come the ticket is still valid?
>
> Cheers
>
> Jean-Noel
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20060904/5e750d70/attachment.html

More information about the cas mailing list