On Wed, 22 Apr 2015, Christian Lévesque wrote:

> No, I'm not talking about the session timeout, I just want my first page to
> be outside the session since I haven't provided any credentials yet.
>
> Take this page when you're not connected:
>
> https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1
>
> I can't wait 1 hour, 1 day, a month (ok just kidding) and when I'll
> provide my username/password, Google will log me in. With CAS, it will
> throw me a session timeout. Why a session timeout? I haven't provided any
> information; from a user perspective, it's frustrating.

The Login Ticket (LT) is generated when the login page is loaded, and it
is stored in the JSESSION.  According to the CAS protocol specification
(http://jasig.github.io/cas/development/protocol/CAS-Protocol-Specification.html#head3.5),
the LT is used to prevent the replaying of credentials.

You can see the LT in the login page's HTML when you view source.

That's why I suggested increasing the session timeout.

I suspect Google is using something similar (check out the "GALX" form 
variable on their login form), but I can't be sure.  :)

        Andy
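
The behaviour described in the reply above, as an added example that is not part of the original message and is not CAS's own code: a toy Python model of a login ticket kept in the server-side session created when the login page loads. The class, method names and the 300-second timeout are assumptions made for illustration; credential checking is left out.

```python
import secrets


class LoginTicketSessions:
    """Toy model (hypothetical names): the LT lives in the session made on page load."""

    def __init__(self, session_timeout):
        self.session_timeout = session_timeout  # seconds, assumed value set by caller
        self._sessions = {}  # session_id -> (login_ticket, created_at)

    def load_login_page(self, now):
        """Create a session and the LT that gets embedded in the login form."""
        session_id = secrets.token_urlsafe(16)
        login_ticket = "LT-" + secrets.token_urlsafe(24)
        self._sessions[session_id] = (login_ticket, now)
        return session_id, login_ticket

    def submit_credentials(self, session_id, login_ticket, now):
        """Return 'accepted', 'session-expired' or 'invalid-ticket'."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return "invalid-ticket"
        expected, created_at = entry
        if now - created_at > self.session_timeout:
            # The session is gone, and the LT with it: this is the "session
            # timeout" a user sees after leaving the login page open too long.
            del self._sessions[session_id]
            return "session-expired"
        if not secrets.compare_digest(expected, login_ticket):
            return "invalid-ticket"
        # One-time use: a replayed copy of the same POST finds no ticket.
        del self._sessions[session_id]
        return "accepted"


def demo():
    server = LoginTicketSessions(session_timeout=300)
    sid, lt = server.load_login_page(now=0)
    first = server.submit_credentials(sid, lt, now=60)     # normal login
    replay = server.submit_credentials(sid, lt, now=61)    # captured POST replayed
    sid2, lt2 = server.load_login_page(now=0)
    late = server.submit_credentials(sid2, lt2, now=3600)  # form left open an hour
    return first, replay, late


if __name__ == "__main__":
    print(demo())
```

Raising session_timeout in this model moves the point at which the third case starts failing, without weakening the replay check in the second.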