I am not sure we ever fully consolidated the root cause, just that it was the cause. My guess would be that creating a brand new session at the JSP layer interferes with the session that is kept and managed by the SWF to manage the server-side conversational state, (which will no longer be true with the next release) and which is probably why you get rejected the first time. The session that SWF receives initially is missing the pieces that would allow it to resume normally.
But it's just a guess. You may have also read upon this thread: http://jasig.275507.n4.nabble.com/top-jsp-session-true-td4658701.html From: Alex Olson [mailto:a...@byu.edu] Sent: Monday, May 18, 2015 2:40 PM To: cas-user@lists.jasig.org Subject: [cas-user] CAS-1371 - Why does /logout creating new sessions gum up new login requests? Hi all, We recently ran into the bug described at https://issues.jasig.org/browse/CAS-1371. We had simply not removed the session="true" directive in top.jsp. But my question is, why does /logout creating new sessions cause the first request to /login to be served with a 302 redirect? In other words, I understand that we can fix the problem by simply removing the directive, but my curious brain would like to know WHY that fixes the problem. Thanks! --- Alex K. Olson -- You are currently subscribed to cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net <mailto:mmoay...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user