Questions about manual login process..

webzo webzo2000 at yahoo.com
Tue Apr 10 16:22:36 EDT 2007 

Any thoughts, Scott/Andrew?

----- Original Message ----
From: webzo <webzo2000 at yahoo.com>
To: Yale CAS mailing list <cas at tp.its.yale.edu>
Sent: Thursday, April 5, 2007 10:17:13 AM
Subject: Re: Questions about manual login process..

Hmm, check the session for what? Is there a way to check if the session is still valid? If there is, then my logic would become-
Check if session is valid
if valid
   display page
else
   redirect to CAS login with renew=TRUE
   Get ticket parameter
   validate ticket
   if user is authenticated
      display page
   else
      redirect to CAS again with
 renew=TRUE

Thanks.


----- Original Message ----
From: Scott Battaglia <scott.battaglia at gmail.com>
To: Yale CAS mailing list <cas at tp.its.yale.edu>
Sent: Wednesday, April 4, 2007 7:54:17 PM
Subject: Re: Questions about manual login process..

Is there a reason you're not checking the session at all?

-Scott

On 3/29/07, webzo <webzo2000 at yahoo.com
> wrote:
I may need to add manual login to my webapp (meaning, not use the web.xml method or jsp tag library). Just to be sure that I am covering all bases, I have described the logic I have used below. Can someone confirm that it sounds ok?

Say there are 2 pages, Page1 and Page2. There is a link to Page2 from Page1. Basically, I want to make sure that whether the user goes to Page2 via Page1 or directly, he is always going to be  authenticated. So, here is the logic that EVERY page executes-


Get ticket parameter
if ticket is null
   redirect to CAS login with renew=FALSE
Get ticket parameter
validate ticket
if user is authenticated
   display page
else
   redirect to CAS with
 renew=TRUE


I am mostly concerned about passing renew=FALSE the first time because that makes CAS reuse a  previous SSO session. I think I need to do this because if the user gets to Page2 from Page1, then ticket will be null. But I should not require the user to sign in again because he just did to enter Page1. 


If there is no ticket and I redirect to CAS with renew=false, I will be REQUIRED to login- is that a correct statement?

Thanks for your time.





Need Mail bonding?
Go to the 
Yahoo! Mail Q&A for 
great tips from Yahoo! Answers users.

_______________________________________________
Yale CAS mailing list

cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas






-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas









Don't get soaked.  Take a quick peek at the forecast 
 with theYahoo! Search weather shortcut._______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas







       
____________________________________________________________________________________
TV dinner still cooling? 
Check out "Tonight's Picks" on Yahoo! TV.
http://tv.yahoo.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070410/ad2f70e4/attachment.html

More information about the cas mailing list