So terminating session did not work, but we found the problem and solution. It seems phpCAS sets a cookie with the ticket when you login. The vendor created the page 'login.php', and the cookie was "session_for:login.php". Then on logout another cookie was set with the name "session_for:logout.php". Removing the "session_for:login.php" cookie disabled the auto login to the login.php and prompted for CAS credentials.
-Ben From: Mike Seiler <michaelsei...@fuller.edu<mailto:michaelsei...@fuller.edu>> Reply-To: "cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>" <cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>> Date: Thursday, February 19, 2015 at 11:05 AM To: "cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>" <cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>> Subject: Re: [cas-user] Logout using phpCAS Ben, I have several PHP applications. The only way that I've found to completely kill the local application session is to explicitly set the local PHP session to null and destroy it, then call the phpCAS::logout() method. This ensures that any additional attempts to log in to the local application require authentication through CAS. session_destroy() only kills a current session if one has started, so that means that you have the odd requirement of calling session_start() just to call session_destroy() session_start(); session_destroy(); // If you really want to make sure it all dies $_SESSION= null; phpCAS::logout(); Mike On Thu, Feb 19, 2015 at 7:56 AM, Waldbieser, Carl <waldb...@lafayette.edu<mailto:waldb...@lafayette.edu>> wrote: Ben, I am not sure, as I don't have the code in front of me at the moment, but calling phpCAS::logout() essentially should stop the current execution and redirect you to the logout URL on your CAS server. If you need to work around a bug, you could probably kill the local session and do the redirect directly in PHP. Thanks, Carl ----- Original Message ----- From: "Benjamin Cherian" <benjamin.cher...@villanova.edu<mailto:benjamin.cher...@villanova.edu>> To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Sent: Thursday, February 19, 2015 10:12:45 AM Subject: Re: [cas-user] Logout using phpCAS That's what I thought, but the documentation (https://wiki.jasig.org/display/CASC/phpCAS+logout), says that the logout() method will kill the current PHP session. So that assumes they application does not need to call session_destroy(). But if they do call session_destroy() before the phpCAS::logout(), will that cause any issues with the logout? I'd test it out myself, but I don't have access to the application, nor any current PHP applications to test with at the moment. On 2/19/15, 9:57 AM, "Waldbieser, Carl" <waldb...@lafayette.edu<mailto:waldb...@lafayette.edu>> wrote: >Ben, > >Likely, you also have some kind of PHP session for the application. > >=> Generally speaking, logging out of CAS SSO does *NOT* log you out of >any application sessions. <= > >So you might want to clear any normal PHP session prior to calling >`phpCAS::logout()`. > >Thanks, >Carl Waldbieser >ITS System Programmer >Lafayette College > >----- Original Message ----- >From: "Benjamin Cherian" ><benjamin.cher...@villanova.edu<mailto:benjamin.cher...@villanova.edu>> >To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> >Sent: Thursday, February 19, 2015 9:28:51 AM >Subject: [cas-user] Logout using phpCAS > >We have a vendor using phpCAS to implement SSO with our CAS server. They >created a custom login page to handle CAS. Login works fine, but logout >is currently an issue. Currently when we logout, phpCAS::logout() is >called and we are redirected to the CAS logout page. When I try to go to >any URL within the application, I'm not logged in. When I go to another >CAS enabled application, I am not logged in. > >But when I go back to the custom CAS login page, I am logged back in >without being prompted for login credentials. No interaction occurs >between the application and the CAS servers, so it is all within the >client and the application at this point of re-entry. > >Is this acceptable behavior for CAS, or is there something more that >needs to be done to be fully logged out of the application? > >Thanks, >Ben > >-- >You are currently subscribed to >cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: >waldb...@lafayette.edu<mailto:waldb...@lafayette.edu> >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user > >-- >You are currently subscribed to >cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: >benjamin.cher...@villanova.edu<mailto:benjamin.cher...@villanova.edu> >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: waldb...@lafayette.edu<mailto:waldb...@lafayette.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: michaelsei...@fuller.edu<mailto:michaelsei...@fuller.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- Michael Seiler -------------------------------------------------- Systems Integration Engineer Fuller Theological Seminary Phone: (970) 306-6105 michaelsei...@fuller.edu<mailto:michaelsei...@fuller.edu> Please NOTE: I respond to email at 8 AM, 1PM, and at 4:30PM. If you need more immediate help, please contact TSS (626.584.5675) and they can route the issue to the appropriate person. If this is a business process life or death emergency, you may call me at the above number. -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: benjamin.cher...@villanova.edu<mailto:benjamin.cher...@villanova.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
