Hi all, I found the point of my problem, that is:
If I open two applications (but not login yet) on two tabs of my browser, and I login into apllication 1 first. Then, the browser has cookies of CASTGC for my CAS domain. On another tab (which I already open before) I login with another valid account, my browser will post both account information and cookies of CASTGC to CAS server to authenticate. The CAS's authentication used the account customer give (ignore the existed CASTGC and create a new one). So, next time, in the application 1 if customer request authenticate, browser will use the new CASTGC -> make my problem So, could you pls give me some suggest to change some thing in Authentication manager to check where CASTGC included in the request or not (where, what should I change, ect.) to fix this issue Thanks and best regards, Anh Nguyen Ngoc On Sun, Oct 6, 2013 at 8:09 AM, Lava Kafle <[email protected]> wrote: > > On Sat, Oct 5, 2013 at 8:01 PM, Nguyen Dao Ngoc Anh > <[email protected]>wrote: > >> session > > > cookie from same app is same unless we grant different cookie name , > different tickets to different tomcat instances for the same principal, > picking from some service that generates loginIDs or connectign to a > database for the user verifying granting ticket and putting the allowed > sites for him via filter as u said spring configuration > > > Lava Kafle > Ms by Research in Computer Science > Kathmandu University > cell: > 9841224387 > 9801034557 > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- Nguyen Dao Ngoc Anh (Mr.) email: [email protected] <[email protected]> [email protected] phone: (+84)947265787 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
