Results 1 to 2 of 2

Thread: invalidating ALL sessions (for 1 user) from a single application

  1. Mar 23rd, 2006, 02:43 PM #1
    slmcrae
    slmcrae is offline Junior Member
    Join Date
    Mar 2006
    Location
    Ipswich, MA
    Posts
    13

    Default invalidating ALL sessions (for 1 user) from a single application

    We have a web-based workflow application that uses frames to provide access to many other applications. We've implemented single sign on with CAS and Acegi so users can seamlessly pass between the various modules.

    Our problem is that we can't find a way to invalidate the sessions for ALL of those applications when the user logs out. Does anyone know of an elegant solution?

    We've tried calling jsp files (one per application) that normally would invalidate the sessions for each context, but the 'invalidate' command in those files doesn't seem to have any effect when called from CAS via a jsp file or a customised LogoutController.handleRequestInternal method.

    Thank you for all the wonderful help you continue to provide for us...
    Shari
  2. Mar 23rd, 2006, 06:49 PM #2
    Scott Battaglia
    Scott Battaglia is offline Senior Member
    Join Date
    Aug 2004
    Location
    Roselle Park, NJ
    Posts
    167

    Default

    CAS does not currently support single sign out. Its currently planned for a future version.

    You coul add the feature yourself but you'd also need a client that spoke the single sign out protocol.
    -Scott Battaglia

    JA-SIG Central Authentication Service 3.0
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules