Timeout questions..
Scott Battaglia
scott.battaglia at gmail.com
Sat Mar 24 15:33:43 EDT 2007
If your application times out then when the user tries to access it they
will be redirected to CAS and if the single sign on session still exists
they won't be prompted for their username/password.
You can force re-authentication by passing the renew=true to the login page
(i.e. https://localhost:8443/cas/login?renew=true&service=...)
-Scott
On 3/23/07, t ray <t_ray9505 at yahoo.com> wrote:
>
> Thank you for responding.
> If my application times out before CAS times out, then will CAS ask me to
> reauthenticate when I attempt to access a protected page? I need to somehow
> get CAS to ask me to reauthenticate when I want it to. How can I achieve
> this?
>
> Thanks.
>
>
> ----- Original Message ----
> From: Scott Battaglia <scott.battaglia at gmail.com>
> To: Yale CAS mailing list <cas at tp.its.yale.edu>
> Sent: Friday, March 23, 2007 10:37:15 AM
> Subject: Re: Timeout questions..
>
> Application sessions are independent of CAS sessions. You would need to
> set the session timeout in your application's web.xml.
>
> -Scott
>
> On 3/20/07, t ray <t_ray9505 at yahoo.com> wrote:
> >
> > Hello all,
> > I am attempting to implement inactivity timeout.
> > I set the value of session-timeout in CAS web.xml and expected the
> > session to timeout after the specified period of time. I expected any
> > attempt to access the webapp after the timeout to take the user to the login
> > page and after successful re-authentication, to the originally requested
> > page. However, this isn't hapenning. The timeout doesn't seem to take effect
> > at all. What am I missing? What does the session-timeout value represent-
> > number of minutes after which session will timeout regardless of user
> > activity or number of minutes session will timeout after last user activity?
> > I tried and the session doesn't timeout either way.
> >
> > Alternatively, if the above doesn't work, I was planning to invalidate
> > the session by calling session.invalidate( ) after my webapp detects a
> > timeout (it does this). That I believe will force CAS to re-authenticate the
> > user.
> >
> > Suggestions?
> >
> > Thanks
> >
> > ------------------------------
> > The fish are biting.
> > Get more visitors<http://us.rd.yahoo.com/evt=49679/*http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php?o=US2140&cmp=Yahoo&ctv=Q107Tagline&s=Y&s2=EM&b=50>on your site using Yahoo!
> > Search Marketing.
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> ------------------------------
> Don't be flakey. Get Yahoo! Mail for Mobile<http://us.rd.yahoo.com/evt=43909/*http://mobile.yahoo.com/mail>and
> always stay connected<http://us.rd.yahoo.com/evt=43909/*http://mobile.yahoo.com/mail>to friends.
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070324/ea0fe5ee/attachment.html
More information about the cas
mailing list