Hi, It is a normal behavior for sessionCount to remain the same after user logout. No need to panic :)
CAS does not relies on creating and destroying an entire session for verifying whether or not user are login or not. Instead, CAS uses the cookie called *TGC *for SSO verification, you can use a common cookie browser for your web browser to see TGC in action (it literally named TGC in your CAS site cookie). What happen is: 1. User login, session create, TGC cookie created 2. User logout, TGC cookie destroyed 3. (If you haven't set anything, and by default) User close browser, session destroyed You can know more about TGC and CAS workflow here: https://apereo.github.io/cas/6.1.x/protocol/CAS-Protocol.html#cas-protocol I saw in some old thread in CAS 3 or CAS 4(can't remember specifically), some people suggest that removing the session after user logout will allow better performance for server. Which I didn't verified myself... However with today server being so powerful, I doubt there is a need for destroying user session after user logout, only destroying the TGC cookie is ok. See if the above info helps. Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fddbf794-9618-40f3-b845-5928d6779f6f%40apereo.org.
