org.jasig.cas.util.HttpClient
Scott Battaglia
scott.battaglia at gmail.com
Mon Apr 28 10:31:58 EDT 2008
It would only be creating sessions if the application specifically created
one.
At Rutgers, we make sure none of our applications create any sessions before
absolutely necessary. You can put the single sign out filter (in Java)
further up the chain to make sure it gets executed before anything that
would create a session.
-Scott
On Sun, Apr 27, 2008 at 11:56 PM, Axel Mendoza Pupo <
apupo at estudiantes.uci.cu> wrote:
> I was looking at this class because of when the
> ticketGrantingTicketImpl.expire() method is executed behind the scenes
> an http connection is made to the webapps to logout, and all is great,
> but analizing deeply in the system the HttpClient class when make a
> connection to the webapps did not maintain any kind of session and for
> every connection it would be creating an httpSession on the destiny
> webapp. I think that if its possible the HttpClient should maintain the
> session to reuse in case that is necessary like the browsers. And
> another question: this is not a little DoS(Denial of Service) attack???
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080428/9d64feda/attachment.html
More information about the cas
mailing list