subject:"\[cas\-user\] Re\: CAS 3.5.x and 4.1.x difference in webflow, it persists beyond session timeout"

[cas-user] Re: CAS 3.5.x and 4.1.x difference in webflow, it persists beyond session timeout

2016-07-28 Thread Yan Zhou

This also explained another difference I have seen.

In 3.5.x  CAS,  if you stay on the login page for a while without typing 
anything.  Then, you type in user credential, the first time you 
essentially get "session timed out".  You would have to type user 
credential for the second time to login.

In 4.1.x CAS,  nothing like that, you can wait for a long time, and type in 
user credentials, it just works, because flow is resumed and variables are 
restored.

Yan

On Thursday, July 28, 2016 at 11:03:19 AM UTC-4, Yan Zhou wrote:
>
> Hi there,
>
> Is this a correct statement? I have observed difference.
>
> CAS 4.1.x using web flow encryption to capture flow states and stores them 
> on the client side. Therefore, even after http session expires, the flow 
> can resume and continue.  This means, I can walk away for hours, and as 
> long as my browser is up running, I can always come back and click 
> "Continue" to keep going. 
>
> CAS 3.5.x does not do that, the flow execution key is plain text and 
> stored in HTTP session, flow ends as session idle timeout.  This means, if 
> I walk away for hours, coming back and click "Continue", flow ends and 
> redirect me to the starting point of the flow.
>
> Thx.,
>
> Yan
>
>
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e975ea91-3759-45d0-9b21-5d9b1947e1f2%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] Re: CAS 3.5.x and 4.1.x difference in webflow, it persists beyond session timeout

2016-07-28 Thread Misagh Moayyed

All valid statements.

CAS v5 allows both options. Session persistence in v5 can happen locally, via
the container, via redis or via hazelcast.

--
Misagh

From: Yan Zhou
Reply: Yan Zhou
Date: July 28, 2016 at 8:07:17 AM
To: CAS Community
Subject: [cas-user] Re: CAS 3.5.x and 4.1.x difference in webflow, it persists
beyond session timeout

This also explained another difference I have seen.

In 3.5.x CAS, if you stay on the login page for a while without typing
anything. Then, you type in user credential, the first time you essentially
get "session timed out". You would have to type user credential for the second
time to login.

In 4.1.x CAS, nothing like that, you can wait for a long time, and type in
user credentials, it just works, because flow is resumed and variables are
restored.

Yan

On Thursday, July 28, 2016 at 11:03:19 AM UTC-4, Yan Zhou wrote:
Hi there,

Is this a correct statement? I have observed difference.

CAS 4.1.x using web flow encryption to capture flow states and stores them on
the client side. Therefore, even after http session expires, the flow can
resume and continue. This means, I can walk away for hours, and as long as my
browser is up running, I can always come back and click "Continue" to keep
going.

CAS 3.5.x does not do that, the flow execution key is plain text and stored in
HTTP session, flow ends as session idle timeout. This means, if I walk away
for hours, coming back and click "Continue", flow ends and redirect me to the
starting point of the flow.

Thx.,

Yan

--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e975ea91-3759-45d0-9b21-5d9b1947e1f2%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.579a2b36.5acf2a9b.95c8%40unicon.net.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

[cas-user] Re: CAS 3.5.x and 4.1.x difference in webflow, it persists beyond session timeout

Re: [cas-user] Re: CAS 3.5.x and 4.1.x difference in webflow, it persists beyond session timeout

2 matches

Site Navigation

Mail list logo

Footer information