> I would be very interested in this as well. I just recently joined this > list hoping to find a fix for this very issue. I've been experimenting with > it for two weeks straight. I'm so glad to know it's a known bug. > Unfortunately, that doesn't make the phone ring any less.
I had no idea it was having that kind of impact. I believe the fix in 4.0 that was referred to is to perform a validity check on the ticket in the CASTGC cookie at the beginning of the login flow. That check is performed by a trivial flow action: https://github.com/Jasig/cas/blob/ce14f00dacea2c90edd5a90c38750ea1f8e9f750/cas-server-webapp-support/src/main/java/org/jasig/cas/web/flow/TicketGrantingTicketCheckAction.java You should be able to use that component without change and wire it into the login flow. We can consider porting that component to 3.5.x if there's interest, though our resources applied the 3.5.x branch will drop precipitously upon release of 4.0. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
