I was looking at this class because of when the ticketGrantingTicketImpl.expire() method is executed behind the scenes an http connection is made to the webapps to logout, and all is great, but analizing deeply in the system the HttpClient class when make a connection to the webapps did not maintain any kind of session and for every connection it would be creating an httpSession on the destiny webapp. I think that if its possible the HttpClient should maintain the session to reuse in case that is necessary like the browsers. And another question: this is not a little DoS(Denial of Service) attack???
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
