Bill:
 
>Are you simply trying to log the user out of the Application?  If so,
>you need to invalidate the Application Session at the Application
>layer.  This is independent of CAS.

If you also want to end the CAS SSO Session, then you redirect to
CAS/logout after the Application Session is invalidated.   Clear?   In
a general Enterprise SSO deployment, you would not redirect to
CAS/logout, since this would defeat the purpose of SSO.

>From your example, it sounds like you may still have the first user's
Application Session active...which would be true if you only did a
CAS/logout.
 
         session.invalidate();
         response.sendRedirect("https://xxxx/logout");
 
In my app module, after a login, I check

            userId = (String)session.getAttribute("edu.yale.its.tp.cas.client.filter.user");
 
Although the first user signed off, and the second userid signed on,
here it still brings back the first userid. 
 
Thanks
Ram
_______________________________________________
Yale CAS mailing list
cas@tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
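
The following is an added example, not code from this thread or from the CAS project: a small stand-alone Java model of the two independent session layers the quoted reply describes, showing what one shared browser sees when only CAS/logout is performed versus when the Application Session is invalidated first. The class, the user names `alice` and `bob`, and the filter behaviour (trust the user attribute already stored in the Application Session) are assumptions made for the model.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed model, not CAS or servlet-container code: two independent
// session layers reached through the cookies of a single browser.
public class LogoutOrderDemo {
    static final String USER_ATTR = "edu.yale.its.tp.cas.client.filter.user";

    // Application sessions: session cookie value -> session attributes.
    static Map<String, Map<String, Object>> appSessions = new HashMap<>();
    // Owner of the current CAS SSO session (null = no SSO session).
    static String casSsoUser = null;
    static int nextId = 1;

    // Assumed filter behaviour: if the Application Session already holds
    // USER_ATTR, trust it; otherwise take the user from CAS and store it.
    static String request(String[] cookie) {
        Map<String, Object> s = appSessions.get(cookie[0]);
        if (s == null) {                      // no live session: create one
            cookie[0] = "S" + nextId++;
            s = new HashMap<>();
            appSessions.put(cookie[0], s);
        }
        if (s.get(USER_ATTR) == null) s.put(USER_ATTR, casSsoUser);
        return (String) s.get(USER_ATTR);
    }

    static void casLogout() { casSsoUser = null; }                  // CAS/logout
    static void appInvalidate(String[] cookie) { appSessions.remove(cookie[0]); }

    public static void main(String[] args) {
        String[] cookie = { null };           // one shared browser

        casSsoUser = "alice";                 // constructed sample user
        System.out.println("first login: " + request(cookie));

        casLogout();                          // only the SSO session ends
        casSsoUser = "bob";                   // second user signs on at CAS
        System.out.println("after CAS/logout only: " + request(cookie));

        appInvalidate(cookie);                // session.invalidate() first
        casLogout();
        casSsoUser = "bob";
        System.out.println("after invalidate + CAS/logout: " + request(cookie));
    }
}
```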
