On 13-09-11 01:47 AM, Jérôme LELEU wrote:
Hi,

Did you simply check that you have the same value for your JSESSIONID
cookie?
Just to clarify things about the "terminate session listener", it has
been implemented since 3.5.x (not before). And you use CAS 3.4.10, right?
Best regards,
Jérôme

I'm not sure what you mean by JSESSIONID, because as far as I can tell, CAS does not use standard J2EE provided sessions, does it?

What is a "terminate session listener"? Is that to deal with J2EE sessions? It seems to be set to die in 2 seconds after the end of the flow, is that right?

If it does destroy the JSESSIONID session, is there a way I can store an attribute permanently in the CAS session? And then later wipe it out if they've passed a certain parameter?

I am currently working on our 3.5.x upgrade, along with enhancements.




2013/9/10 Trenton D. Adams <tre...@athabascau.ca>

    On 13-09-10 10:58 AM, Scott Battaglia wrote:

        Trenton,

        Do you know if the session is expiring?  Our sessions only last 5
        minutes and there is also a terminate session listener thing (that's
        clearly not the technical term but I don't have the code handy
        at work :-))


    I don't think so.  The timeout is 7200 by default, and we haven't
    changed the default.


        Scott

        On Tue, Jul 30, 2013 at 7:14 PM, Trenton D. Adams
        <tre...@athabascau.ca> wrote:

             Hi Guys,

             I've tried a bunch of things with setting session attributes in CAS,
             but none of them seem to work.  I have a problem where our redirect
             to our password management application works, but the user hits the
             back button and is then immediately redirected to the service they
             wanted to access, without being forced to change their password to
             match our rules.

             What I'd like to do, to solve this, is store a session variable
             indicating that they failed during authentication.  Then, when the
             password manager redirects them back through CAS again, to get to
             their service, it will pass a parameter indicating that their
             session may continue.  I'm not worried about people hacking that,
             and putting it in manually.  I just want to prevent most users from
             hitting the back button.

             All of these work until you've proceeded to the service, but then
             the attribute is wiped, and is not seen when you return to CAS.

             This one works temporarily, presumably because CAS doesn't use a
             servlet container session.
                      final HttpServletRequest request;
                      request = (HttpServletRequest) context.getExternalContext().getNativeRequest();
                      HttpSession session = request.getSession();

             Same here...
                      context.getExternalContext().getGlobalSessionMap().put("autest", "test value");

             Same here...
                      context.getExternalContext().getSessionMap().put("autest", "test value");

             Same here...
                      context.getFlowScope().put("autest", "test value");


             My class was defined as...
             public class LoginChecksAction extends AbstractAction

             I attempted the above in doExecute(), and used a web flow execution
             listener to log the information on every request, to see if it's
             working.

             Thanks.
             --
             Trenton D. Adams
             Senior Systems Analyst/Web Software Developer
             Navy Penguins at your service!
             Athabasca University
             (780) 675-6195
             :wq!


             --
             You are currently subscribed to cas-user@lists.jasig.org as: scott.battag...@gmail.com
             To unsubscribe, change settings or access archives, see
             http://www.ja-sig.org/wiki/display/JSG/cas-user









--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Navy Penguins at your service!
Athabasca University
(780) 675-6195
:wq!
