why is cas logout not working?
Scott Battaglia
scott.battaglia at gmail.com
Mon Feb 18 13:36:33 EST 2008
Per the CAS specification, Logout of the CAS server is /cas/logout not
/cas/logout.jsp
-Scott
On Feb 18, 2008 12:55 PM, Ramakrishnan Iyer <riyer at kumc.edu> wrote:
> Hello:
>
> When I hit a logout button on my webapp, I call the following:
>
> session.invalidate();
> for (int i = 0; i < cookies.length; i++)
> {
> casTicketCookie = cookies[i];
> System.out.println("set maxAge to zero in cookie");
> casTicket= casTicketCookie.getValue();
> casTicketCookie.setMaxAge(0);
> }
> response.sendRedirect("https://my.xxxx.edu/cas/logout.jsp");
>
> NOTE: I deliberately also set all cookies' ages to zero. (I know this is
> not needed).\
>
> However, when I try to log in, I go directly to the app and I am not
> forced to log in? Why? I don't have any other cas sessions.
>
> I was confused with your archive. In one place, it says that is the way it
> is, I have to close the browser. In another place, it asked users to make
> sure they use https to redirect to and not http.
>
> I have seen applications with cas where logout is a logout. Period!
>
> What is wrong here?
>
> Thanks
> Ram
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080218/31508ba4/attachment.html
More information about the cas
mailing list