Hi Amanda, The CasAuthenticationModule is essentially passive. Just as with Forms Auth without the CAS client, the Forms Authentication timeout property and the slidingExpiration property are the only things that would affect the authenticated state of a user over time.
Forms Authentication will generally redirect to the login page when the user attempts to navigate to a URL or invoke a service that requires authentication or where the user isn't authorized to access the resource. Do you have any kinds of AJAX calls going on behind the scenes, most likely ones that are running on a timer? Anothing thing to look into is whether it's specific to particular browsers. By any chance, is your site generating lots of cookies unrelated to authentication? Also, keep in mind that session state and forms authentication are separate. If you are using the Session to store security-related information, you should invalidate the forms authentication ticket when the session expires or is terminated and vice-versa. -Scott On Tue, Apr 17, 2012 at 2:11 PM, Amanda B <[email protected]> wrote: > I'm using the .Net Cas Client, and I'm having a problem where the user is > redirected to the CAS screen after sitting idle for a period of time. > (it's difficult to tell how long this time period is, but I was able to > reproduce it after waiting an hour) > > Instead of serviceName, the url parameter is ReturnUrl and it does not > contain the server url. I set the Forms authentication timeout to 480, > (the session timeout is also 480), so I don't understand why this is > happening and more importantly, I don't know how to fix it. Any help would > be appreciated. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
