Hi,

We are evaluating CAS SSO, and were wondering how it handles HTTP sessions:

Suppose a user is browsing through several pages of the same web-application 
("page1.jsp", "page2.jsp", "page3.jsp"), all within the same HTTP session.
Obviously, when accessing "page1" he'll be asked to log in, with the help of 
the CAS server and tickets.
But what happens next, for "page2" and "page3" ?

1) Am I correct in assuming that usually, the AuthenticationFilter will note 
that the user is already logged in, and no further action is required?
So, in terms of load/performance, the CAS server will be involved only when 
first accessing "page1", but it won't be bothered for "page2" and "page3" ?

2) Now, suppose we are extremely paranoid. Can we configure credentials to be 
re-checked for every page, even "page2" and "page3"?
(Obviously this assumes the browser can automatically send credentials, without 
asking the user to re-type them - for example, extract credentials from a 
smartcard or from Windows login).
 
Thanks very much.


      