It would only be creating sessions if the application specifically created one.
At Rutgers, we make sure none of our applications create any sessions before absolutely necessary. You can put the single sign out filter (in Java) further up the chain to make sure it gets executed before anything that would create a session.

-Scott

On Sun, Apr 27, 2008 at 11:56 PM, Axel Mendoza Pupo <[EMAIL PROTECTED]> wrote:

> I was looking at this class because when the
> ticketGrantingTicketImpl.expire() method is executed behind the scenes
> an http connection is made to the webapps to logout, and all is great,
> but analyzing deeply in the system, the HttpClient class when making a
> connection to the webapps did not maintain any kind of session and for
> every connection it would be creating an httpSession on the destiny
> webapp. I think that if it's possible the HttpClient should maintain the
> session to reuse in case that is necessary like the browsers. And
> another question: is this not a little DoS (Denial of Service) attack???
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas

--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
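The filter ordering described in the reply, as an added example that is not part of the original thread or the CAS project's own configuration: a `web.xml` fragment for the CAS Java client in which the single sign out filter is mapped ahead of everything else. The `/*` URL patterns and the `com.example.SessionCreatingFilter` class are assumptions standing in for an application's own filters.

```xml
<!-- Added example (constructed). Only the two org.jasig.cas.client.session
     classes come from the CAS Java client; everything else is a placeholder. -->

<!-- Drops the client's ticket-to-session mapping when a session is destroyed,
     so expired sessions do not accumulate in the single sign out store. -->
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<!-- Hypothetical application filter that calls request.getSession(). -->
<filter>
  <filter-name>Application Filter</filter-name>
  <filter-class>com.example.SessionCreatingFilter</filter-class>
</filter>

<!-- The container invokes filters in the order their mappings appear.
     Mapping the single sign out filter first means the back-channel
     logout POST from the CAS server reaches it before any filter that
     would create an HttpSession for that request. -->
<filter-mapping>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Anything that may create a session is mapped after it. -->
<filter-mapping>
  <filter-name>Application Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```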
