>> @Robert : thanks for pointing that out, but the CAS-814 ticket has a fix version set to 4.0.0 M1. Is it available in 3.5.0 ?
No, its available in the 4.0.0 branch. It requires a decent amount of work to keep track of that information in order to be able to clean it up. On Fri, Sep 7, 2012 at 8:17 AM, jleleu <lel...@gmail.com> wrote: > Hi, > > @Robert : thanks for pointing that out, but the CAS-814 ticket has a fix > version set to 4.0.0 M1. Is it available in 3.5.0 ? > > @Nick : > 1) Let's say you just loop through all tickets to remove "unsecure" ones. > You're right, using the MetaDataPopulator is somewhat abusing as it's not > intented to be used for deleting tickets, just for populating the > Authentication object. > Another option I'm thinking about : create an action in webflow just after > authentication to clean "unsecure" TGTs. > > 2) Looks like you're in bad situation with your users... > Why not use a shorter time for your webapp session to force CAS > round-trips ? webapp session = 10 min, CAS idle timeout = 30 minutes. > If they stay on the protected area on their webapp, CAS round-trips will > occur when the webapp session will die to renew security context and CAS > session. > Still not convinced ? Send a pull request with a new "touch()" method for > ticket... We'll see if we can get some agreement on this. > > Best regards, > Jérôme > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > scott.battag...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
