Crap, sorry for wasting people's time and internet bandwidth on an FAQ. Oops. I don't know why I didn't just search first, my apologies!
Chris On 2012/02/01 13:15, Andrew Mortensen wrote: > This is due to service cookie caching by the filter. If a service cookie is > good, the filter caches it on the protected server, and populates environment > variables from its contents. The cookie is then rechecked with the weblogin > servers when more than a minute has elapsed since the last check. > > The FAQ suggests the logout link of a protected service call a local logout > script to destroy the cosign service cookie (i.e., cosign-servicename=null) > before redirecting for global logout: > > Q: After I logout I can still access my Cosign Protected service for a small > window of time. Is Cosign broken? What's wrong? > > A: Cosign is not broken and you have done nothing wrong. You merely need to > customize and make use of the local logout script provided in scripts/logout. > The filters have a cache time (default 2 minutes) during which they will not > validate a user's status. As such, when a user returns post logout, the cache > is still valid and the user is still "logged in" to that one site for a few > seconds. To avoid this, simply call the local logout script which will > re-direct the user to the main logout script. > > http://weblogin.org/faq.shtml > > andrew > > > > On Feb 1, 2012, at 3:26 PM, Chris Hecker wrote: > >> >> I'm having weirdness with the centralized logout feature of cosign, and >> before I try debugging the various pieces, I figured I'd ask if it was >> actually normal. >> >> If I'm logged into a cosign protected page, and then I click a link to >> go to the logout page, then logout, I can hit the back button to go back >> to the original protected page. At first I thought this was just the >> browser cache, but I can actually click links on that page and go to >> other cosign protected pages that aren't in my cache. >> >> Looking at the headers a bit I notice the logout clears the "cosign" >> cookie, but the "cosign-blah" cookie isn't cleared. >> >> I haven't thoroughly tested this, but it seems like if I go back and hit >> refresh a while later, then it redirects to the login page like I'd expect. >> >> Do I have something misconfigured? Is there some delay? Do I need to >> debug this at a lower level? >> >> Thanks, >> Chris >> >> ------------------------------------------------------------------------------ >> Keep Your Developer Skills Current with LearnDevNow! >> The most comprehensive online learning library for Microsoft developers >> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, >> Metro Style Apps, more. Free future releases when you subscribe now! >> http://p.sf.net/sfu/learndevnow-d2d >> _______________________________________________ >> Cosign-discuss mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/cosign-discuss >> >> !DSPAM:4f29a76c8041627715042! >> >> >> > > ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
