CASTGC does not timeout

Trenton D. Adams trenta at athabascau.ca
Mon Mar 17 15:53:57 EDT 2008 

Yes, it is 2.0.11, the latest CAS version. 

It is a possibility it is due to local changes. But if it was, I would have kind of expected it to happen on tomcat5 and java 1.4.2 as well. 

Just kind of at a loss at this point. 

----- Original Message ----- 
From: "Scott Battaglia" <scott.battaglia at gmail.com> 
To: "Yale CAS mailing list" <cas at tp.its.yale.edu> 
Sent: Monday, March 17, 2008 12:19:26 PM (GMT-0700) America/Denver 
Subject: Re: CASTGC does not timeout 

Trenton, 

As there are multiple versions of CAS, you may want to specify which CAS version. From the description of your environment and from looking at your CAS home page it looks like you are running a 2.x version. It appears to be an older version as there doesn't appear to be an "lt". 

Have you looked at any change logs between your version and the most recent CAS 2.x version? 

-Scott 


On Mon, Mar 17, 2008 at 1:58 PM, Trenton D. Adams < trenta at athabascau.ca > wrote: 


Hi Guys, 

We're running tomcat 4.0.x with Java 1.4.1. I have been doing tests with session timeouts, as people have been complaining that sessions don't timeout for many hours. 

So, I wrote a script to test it with wget. 

The credentials file looks like 'username=username&password=password'. The command line looks like this... 

sessionTimeoutTest.sh 172800 172800 /tmp/login.html /tmp/wget-session.log /tmp/wget.cookies https://secure.athabascau.ca/cas/login /tmp/credentials.txt 

So, after 48 hours, the CAS session has not timed out. When I use our test environment, which unfortunately is different because we are running production CAS on a legacy environment, it times out in 7200 seconds (+/- 60) as expected. The test environment is tomcat5 and Java 1.4.2 

FYI: This machine has been restarted recently as well, and it is not under very heavy load. 

Does anyone have any clue what is happening? We're thinking that an upgrade is in order, but would like to know why this is happening. 

#!/bin/sh 

# args timeout increment output.html logfile.log cookiefile url credentials.txt 

TIMEOUT=$1 
INCREMENT=$2 
OUTPUT=$3 
LOGFILE=$4 
COOKIEFILE=$5 
URL=$6 
CREDENTIALS=$7 

wget --no-check-certificate -o $LOGFILE -O $OUTPUT \ 
--keep-session-cookies --load-cookies=$COOKIEFILE \ 
--save-cookies=$COOKIEFILE "${URL}`cat $CREDENTIALS`" 

NOTTIMEDOUT=true 
TOTALTIME=0 
while $NOTTIMEDOUT -eq 'true'; do 
echo "Testing timeout at $TIMEOUT seconds"; 
sleep $TIMEOUT 
((TOTALTIME += $TIMEOUT)); 
wget --no-check-certificate -o $LOGFILE -O $OUTPUT --keep-session-cookies \ 
--load-cookies=$COOKIEFILE --save-cookies=$COOKIEFILE "$URL" 
grep 'You have been logged' $OUTPUT 
if [[ $? -ne 0 ]]; then 
NOTTIMEDOUT=false 
echo "Timeout at $TIMEOUT"; 
echo "Total time: $TOTALTIME"; 
fi 
((TIMEOUT += $INCREMENT)); # up the session test in 15 minute intervals 
done; 


__ 
This communication is intended for the use of the recipient to whom it 
is addressed, and may contain confidential, personal, and or privileged 
information. Please contact us immediately if you are not the intended 
recipient of this communication, and do not copy, distribute, or take 
action relying on it. Any communications received in error, or 
subsequent reply, should be deleted or destroyed. 
--- 
_______________________________________________ 
Yale CAS mailing list 
cas at tp.its.yale.edu 
http://tp.its.yale.edu/mailman/listinfo/cas 



-- 
-Scott Battaglia 
PGP Public Key Id: 0x383733AA 
LinkedIn: http://www.linkedin.com/in/scottbattaglia 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080317/33f4b7a4/attachment.html

More information about the cas mailing list