CASTGC does not timeout

Trenton D. Adams trenta at athabascau.ca
Mon Mar 17 15:55:06 EDT 2008 

Thanks Andrew,

but, we are only running 2.0.11, so we don't have those options as far as I know.

----- "Andrew R Feller" <afelle1 at lsu.edu> wrote:
> Hi Trenton,
> 
> What version of CAS are you using?  What type of timeout policy do
> you
> expect CAS to have?
> 
> By default, the TGT is configured to use an expiration policy that
> expires TGTs if the user has been idle for X amount of time.  There
> are
> several other expiration policies available with CAS including:
> 
> 1. MultiTimeUseOrTimeoutExpirationPolicy
> 2. NeverExpiresExpirationPolicy
> 3. ThrottledUseAndTimeoutExpirationPolicy
> 4. TimeoutExpirationPolicy
> 5. HardTimeoutExpirationPolicy (new with CAS 3.2)
> 
> Depending on your version of CAS, this is configured within either
> /WEB-INF/applicationContext.xml or
> /WEB-INF/spring-configuration/ticketExpirationPolicies.xml under the
> bean with the id of "grantingTicketExpirationPolicy".
> 
> HTH,
> 
> Andrew R Feller, Analyst
> University Information Systems
> 200 Fred Frey Building
> Louisiana State University
> Baton Rouge, LA, 70803
> (225) 578-3737 (Office)
> (225) 578-6400 (Fax)
> 
> 
> -----Original Message-----
> From: cas-bounces at tp.its.yale.edu
> [mailto:cas-bounces at tp.its.yale.edu]
> On Behalf Of Trenton D. Adams
> Sent: Monday, March 17, 2008 12:58 PM
> To: Yale CAS mailing list
> Subject: CASTGC does not timeout
> 
> Hi Guys,
> 
> We're running tomcat 4.0.x with Java 1.4.1.  I have been doing tests
> with session timeouts, as people have been complaining that sessions
> don't timeout for many hours.
> 
> So, I wrote a script to test it with wget.  
> 
> The credentials file looks like
> 'username=username&password=password'.
> The command line looks like this...
> 
> sessionTimeoutTest.sh 172800 172800 /tmp/login.html
> /tmp/wget-session.log /tmp/wget.cookies
> https://secure.athabascau.ca/cas/login /tmp/credentials.txt
> 
> So, after 48 hours, the CAS session has not timed out.  When I use
> our
> test environment, which unfortunately is different because we are
> running production CAS on a legacy environment, it times out in 7200
> seconds (+/- 60) as expected.  The test environment is tomcat5 and
> Java
> 1.4.2
> 
> FYI: This machine has been restarted recently as well, and it is not
> under very heavy load.
> 
> Does anyone have any clue what is happening?  We're thinking that an
> upgrade is in order, but would like to know why this is happening.
> 
> #!/bin/sh
> 
> # args timeout increment output.html logfile.log cookiefile url
> credentials.txt
> 
> TIMEOUT=$1
> INCREMENT=$2
> OUTPUT=$3
> LOGFILE=$4
> COOKIEFILE=$5
> URL=$6
> CREDENTIALS=$7
> 
> wget --no-check-certificate -o $LOGFILE -O $OUTPUT \
> --keep-session-cookies --load-cookies=$COOKIEFILE \
> --save-cookies=$COOKIEFILE "${URL}`cat $CREDENTIALS`"
> 
> NOTTIMEDOUT=true
> TOTALTIME=0
> while $NOTTIMEDOUT -eq 'true'; do
>   echo "Testing timeout at $TIMEOUT seconds";
>   sleep $TIMEOUT
>   ((TOTALTIME += $TIMEOUT));
>   wget --no-check-certificate -o $LOGFILE -O $OUTPUT
> --keep-session-cookies \
>     --load-cookies=$COOKIEFILE --save-cookies=$COOKIEFILE "$URL"
>   grep 'You have been logged' $OUTPUT
>   if [[ $? -ne 0 ]]; then
>     NOTTIMEDOUT=false
>     echo "Timeout at $TIMEOUT";
>     echo "Total time: $TOTALTIME";
>   fi
>   ((TIMEOUT += $INCREMENT)); # up the session test in 15 minute
> intervals
> done;
> 
> 
> __ 
>     This communication is intended for the use of the recipient to
> whom
> it
>     is addressed, and may contain confidential, personal, and or
> privileged
>     information. Please contact us immediately if you are not the
> intended
>     recipient of this communication, and do not copy, distribute, or
> take
>     action relying on it. Any communications received in error, or
>     subsequent reply, should be deleted or destroyed.
> ---
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas

More information about the cas mailing list