Questions about manual login process..

Scott Battaglia scott.battaglia at gmail.com
Wed Apr 4 22:54:17 EDT 2007 

Is there a reason you're not checking the session at all?

-Scott

On 3/29/07, webzo <webzo2000 at yahoo.com> wrote:
>
> I may need to add manual login to my webapp (meaning, not use the web.xmlmethod or jsp tag library). Just to be sure that I am covering all bases, I
> have described the logic I have used below. Can someone confirm that it
> sounds ok?
> Say there are 2 pages, Page1 and Page2. There is a link to Page2 from
> Page1. Basically, I want to make sure that whether the user goes to Page2
> via Page1 or directly, he is always going to be  authenticated. So, here is
> the logic that EVERY page executes-
>
> Get ticket parameter
> if ticket is null
>    redirect to CAS login with renew=FALSE
> Get ticket parameter
> validate ticket
> if user is authenticated
>    display page
> else
>    redirect to CAS with renew=TRUE
>
>
> I am mostly concerned about passing renew=FALSE the first time because
> that makes CAS reuse a  previous SSO session. I think I need to do this
> because if the user gets to Page2 from Page1, then ticket will be null. But
> I should not require the user to sign in again because he just did to enter
> Page1.
>
> If there is no ticket and I redirect to CAS with renew=false, I will be
> REQUIRED to login- is that a correct statement?
>
> Thanks for your time.
>
> ------------------------------
> Need Mail bonding?
> Go to the Yahoo! Mail Q&A<http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTEwOARfcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&sid=396546091>for great
> tips from Yahoo! Answers<http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTEwOARfcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&sid=396546091>users.
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070404/f1cba316/attachment.html

More information about the cas mailing list