To Oscar and those affected by this bug: Adding in this validity check ended up being more time consuming than I had thought it would be. That's largely due to not using Java too much. So, I did a temporary workaround for this bug and I wanted to share the idea in case it will help some others.
I just added some javascript to the casLoginView.jsp page that did a check for the CASTGC cookie. If that cookie is found it just deletes that cookie, sets another cookie to flag that the CASTGC has already been deleted once, and reloads the page. Then if that other flag cookie is set it doesn't delete the CASTGC cookie so it's not an infinite loop of deleting and reloading. This may not be the best solution, supported, etc... but it's what I did and it seems to work. It's what we'll use until we're ready to move to 4.0. Peter -- Peter Kirby System and Database Administrator @ Harding University On Fri, Mar 7, 2014 at 6:05 AM, Marvin Addison <[email protected]>wrote: > > I would be very interested in this as well. I just recently joined this > > list hoping to find a fix for this very issue. I've been experimenting > with > > it for two weeks straight. I'm so glad to know it's a known bug. > > Unfortunately, that doesn't make the phone ring any less. > > I had no idea it was having that kind of impact. I believe the fix in > 4.0 that was referred to is to perform a validity check on the ticket > in the CASTGC cookie at the beginning of the login flow. That check is > performed by a trivial flow action: > > > https://github.com/Jasig/cas/blob/ce14f00dacea2c90edd5a90c38750ea1f8e9f750/cas-server-webapp-support/src/main/java/org/jasig/cas/web/flow/TicketGrantingTicketCheckAction.java > > You should be able to use that component without change and wire it > into the login flow. We can consider porting that component to 3.5.x > if there's interest, though our resources applied the 3.5.x branch > will drop precipitously upon release of 4.0. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
