On 13-07-08 05:30 PM, Ohsie, David wrote:
There was a session on this topic at the Apereo conference:
http://lanyrd.com/2013/apereo/schwpd/
Andrew Petro suggested either
1) Changing the message to tell users to log off from the OS or lock screen
when they want to leave their seats.
2) A coronal mass ejection
For your own browser, if you turn off the "restore sessions upon restart"
feature, then you don't get that behavior, at least in Chrome and I think
FF.
Yeah, I know, but this default behaviour is rather dumb. :P
FYI, I changed the ticketGrantingTicketCookieGenerator.xml to have...
p:cookieMaxAge="${tgt.timeToKillInSeconds:7200}"
This allows it to be changed in cas.properties. I suggest the same in
the next release of CAS.
david
-----Original Message-----
From: Trenton D. Adams [mailto:[email protected]]
Sent: Monday, July 08, 2013 4:49 PM
To: [email protected]
Subject: [cas-user] closing your browser message
For security reasons, please Log Out and Exit your web browser when you
are done accessing services that require authentication!
The above security message is no longer useful, and gives users a false
sense of security. Closing your browser will no longer remove the
cookie. Unfortunately, browser developers thought it useful to make
closing of the browser not constitute "end of session" anymore. I do
not know why they did this. I thought the cookie spec was very specific
about that, but it's been so long since I looked at it.
Does anyone know of a way of making browsers honour what we all once
held dear?
--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Navy Penguins at your service!
Athabasca University
(780) 675-6195
:wq!
---
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Navy Penguins at your service!
Athabasca University
(780) 675-6195
:wq!
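The cookie behaviour this thread discusses, as an added example that is not part of the original messages or of CAS: it classifies a `Set-Cookie` value as a session cookie or a cookie with a bounded lifetime (such as the `cookieMaxAge` of 7200 above) and models whether the cookie is still sent after the browser is closed and reopened. The cookie name `CASTGC`, the function names and the sample headers are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie


def cookie_lifetime(set_cookie, name="CASTGC", now=None):
    """Classify one Set-Cookie value for cookie `name` (the name is an assumption).

    Returns ("absent", None), ("session", None), ("expired", 0) or
    ("bounded", seconds_until_removal).
    """
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return ("absent", None)
    morsel = jar[name]
    if morsel["max-age"] != "":          # Max-Age takes precedence over Expires
        secs = int(morsel["max-age"])
    elif morsel["expires"]:
        now = now or datetime.now(timezone.utc)
        secs = int((parsedate_to_datetime(morsel["expires"]) - now).total_seconds())
    else:
        # Neither attribute: kept until the browser decides the session is over.
        return ("session", None)
    return ("bounded", secs) if secs > 0 else ("expired", 0)


def survives_restart(kind, seconds, away_seconds, session_restore):
    """Is the cookie still sent after the browser is closed and reopened?"""
    if kind == "session":
        return session_restore           # only a restored session keeps it
    if kind == "bounded":
        return away_seconds < seconds    # kept on disk until the lifetime runs out
    return False


# Constructed sample headers, not captured from a real CAS server.
SESSION_HEADER = "CASTGC=TGT-1-constructed; Path=/cas; Secure"
BOUNDED_HEADER = "CASTGC=TGT-1-constructed; Max-Age=7200; Path=/cas; Secure"

if __name__ == "__main__":
    for header in (SESSION_HEADER, BOUNDED_HEADER):
        kind, secs = cookie_lifetime(header)
        for restore in (False, True):
            for away in (600, 8 * 3600):
                print(kind, secs, f"restore={restore}", f"away={away}s",
                      "->", survives_restart(kind, secs, away, restore))
```

A bounded lifetime also means the cookie outlives an ordinary browser close for up to that many seconds, which is the trade-off of setting `cookieMaxAge` to a positive value.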