Mar 23rd, 2006, 02:43 PM
invalidating ALL sessions (for 1 user) from a single application
We have a web-based workflow application that uses frames to provide access to many other applications. We've implemented single sign on with CAS and Acegi so users can seamlessly pass between the various modules.
Our problem is that we can't find a way to invalidate the sessions for ALL of those applications when the user logs out. Does anyone know of an elegant solution?
We've tried calling jsp files (one per application) that normally would invalidate the sessions for each context, but the 'invalidate' command in those files doesn't seem to have any effect when called from CAS via a jsp file or a customised LogoutController.handleRequestInternal method.
Thank you for all the wonderful help you continue to provide for us...
Mar 23rd, 2006, 06:49 PM
CAS does not currently support single sign out. Its currently planned for a future version.
You coul add the feature yourself but you'd also need a client that spoke the single sign out protocol.