Hi! I am building a Rails Engine based on the CAS 3.0 protocol specifications you have here: https://github.com/Jasig/cas/tree/master/cas-server-protocol/3.0
However, I am puzzled by the Remember-Me functionality. I think the protocol does not explain it very well. At some point (about TGT Cookies) the protocol says:

"Ticket-granting cookies MUST be set to expire at the end of the client’s browser session."

However, at Long-Term Ticket Granting it says:

"CAS Server MAY support Long-Term Ticket Granting Tickets (referred to as “Remember Me” functionality). If this feature is supported by the CAS Server, it is possible to perform recurring, non interactive re-logins to the CAS Server as long as the Long-Term Ticket Granting Ticket in the CAS Server is not expired and the browsers TGC Cookie is valid."

So my question is: how can the TGC Cookie be valid when a user closes his/her browser? The whole idea of Long-Term Ticket Granting is to enable this, but by requiring the TGC cookie to be valid it is impossible. Have I understood something incorrectly in CAS 3.0?

Thanks!
