CAS TGC cookie deletion

  • #16
    Thanks Jerome. I will start that one as a new thread. Let us now stick to the CAS TGC cookie deletion. Is there any way to remove the cookie sitting in the browser? As per my understanding, the browser must ignore an expired cookie, but it is strange to see the cookie still remains.


    • #17
      The CASTGC cookie should be destroyed. Enable DEBUG logs on org.jasig.cas on the CAS server side to investigate...


      • #18
        Hi Jerome,

        I have enabled debug in the CAS server. I can see the following entries:

        2012-12-19 00:01:44,592 DEBUG [ nerator] - <Removed cookie with name [CASTGC]>
        2012-12-19 00:01:44,592 DEBUG [ nerator] - <Removed cookie with name [CASPRIVACY]>

        2012-12-19 00:01:44,608 DEBUG [org.jasig.cas.util.HttpClient] - <Attempting to access https://APPURL/j_spring_cas_security_check>
        2012-12-19 00:01:44,725 WARN [org.jasig.cas.util.HttpClient] - <Error Sending message to url endpoint [https://APPURL/j_spring_cas_security_check]. Error is []>
        2012-12-19 00:01:44,885 DEBUG [] - <Extractor did not generate service.>
        2012-12-19 00:01:44,885 DEBUG [] - <Extractor did not generate service.>
        2012-12-19 00:01:44,892 DEBUG [] - <Extractor did not generate service.>
        2012-12-19 00:01:44,892 DEBUG [] - <Extractor did not generate service.>
        2012-12-19 00:01:44,895 DEBUG [org.jasig.cas.web.flow.TerminateWebSessionListener] - <Terminate web session C6891F3A4063E6583B1C5401DD017177.node1 in 2 seconds>
        2012-12-19 00:01:44,896 DEBUG [org.jasig.cas.web.flow.TerminateWebSessionListener] - <Error getting service from flow state.>
        java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.getActiveSession( 1)
        at org.springframework.webflow.engine.impl.RequestControlContextImpl.getFlowScope(RequestControlContext
        at ndBody8(
        at ndBody9$advice(
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody0(TerminateWebSessionLis
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody1$advice(TerminateWebSes
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted( )
        at org.springframework.webflow.engine.impl.FlowExecutionListeners.fireSessionStarted(FlowExecutionListe
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(
        at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(
        at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(
        at org.springframework.web.servlet.DispatcherServlet.doService(
        at org.springframework.web.servlet.FrameworkServlet.processRequest(
        at org.springframework.web.servlet.FrameworkServlet.doGet(
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice( 7)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service(
        at ternalDoFilter(
        at Filter(
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal( :88)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(
        at ternalDoFilter(
        at Filter(
        at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter( :63)
        at ternalDoFilter(
        at Filter(
        at org.apache.catalina.core.StandardWrapperValve.invoke(
        at org.apache.catalina.core.StandardContextValve.invoke(
        at org.apache.catalina.core.StandardHostValve.invoke(
        at org.apache.catalina.valves.ErrorReportValve.invoke(
        at com.infosys.socialedge.tomcat.valves.SecureCookieValve.invoke(
        at org.apache.catalina.core.StandardEngineValve.invoke(
        at org.apache.catalina.connector.CoyoteAdapter.service(
        at org.apache.coyote.http11.Http11Processor.process(H
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(
        2012-12-19 00:01:53,538 INFO [] - <Reloading registered services.>

        We can see the CASTGC and CASPRIVACY cookies removed, but what is the problem with this IllegalStateException? Is it because of this? What modification needs to be done to avoid this? The Spring config still remains the same as in the earlier posts.

        Any pointers?



        • #19

          The stack trace is pretty frightening, but it's just a DEBUG log, so I would ignore it.

          We see that the cookies are destroyed, but I'm worried about the call to the https://APPURL/j_spring_cas_security_check URL: what's the response for this URL? Where does it redirect you? Isn't it a redirection to a protected URL, which triggers a round-trip to the CAS server, which will therefore re-set the CASTGC cookie?

          Best regards,


          • #20
            Hi Jerome,

            We have configured the service URL as https://APPURL/j_spring_cas_security_check for ServiceProperties, and it is referred to by the casProcessingFilterEntryPoint.

            This is redirected to the CAS login page configured as the loginurl in the spring.xml.

            A strange thing I notice is with the cookies in HttpFox, which shows the call to /cas/logout as below.
            Cookie sent:

            CASTGC End Of Session

            Cookie received:

            CASTGC /cas-server-webapp-3.5.1 End Of Session

            CASTGC "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT

            CASPRIVACY "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT

            There is a redirect to the /login page of CAS after this, which shows the CASTGC cookie still existing in the browser, which ideally should not be. I am not sure why this redirection to the /login page happens, and I suppose this might be a cause of the issue. To trace the flow, I debugged CAS and I could see the following exception:
            java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended

            It looks like the InitialFlowSetupAction is either not setting the configured service in the flow scope, or there is some problem due to the call to the /login page, which interrupts the flow. Any suggestions, please?
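
Added example, not part of the original thread and not CAS code: the HttpFox capture in post #20 lists CASTGC with path /cas-server-webapp-3.5.1 and the removal cookies with path /cas-server-webapp-3.5.1/. RFC 6265 identifies a stored cookie by name, domain and path, so this sketch replays that exchange against a minimal cookie store to show which cookies are still sent to /login. The host name and ticket value are constructed, and domain handling is simplified to host-only cookies.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

HOST = "cas.example.org"          # assumed host name, not from the thread
CTX = "/cas-server-webapp-3.5.1"  # context path as shown in the capture

def apply_set_cookie(jar, header, host=HOST):
    """Store or evict per RFC 6265 5.3: identity is (name, domain, path)."""
    parsed = SimpleCookie()
    parsed.load(header)
    for name, morsel in parsed.items():
        key = (name, morsel["domain"] or host, morsel["path"] or "/")
        expires = morsel["expires"]
        expired = bool(expires) and (
            parsedate_to_datetime(expires) <= datetime.now(timezone.utc))
        if expired:
            jar.pop(key, None)   # evicts only an entry with the very same key
        else:
            jar[key] = morsel.value
    return jar

def path_matches(cookie_path, request_path):
    """RFC 6265 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookies_sent(jar, request_path, host=HOST):
    """Names of stored cookies a browser would attach to this request."""
    return sorted(n for (n, d, p) in jar
                  if d == host and path_matches(p, request_path))

def logout_then_login(removal_path):
    """Replay login Set-Cookie, logout Set-Cookie, then a request to /login."""
    jar = {}
    # Constructed ticket value; session cookie with no trailing slash in Path.
    apply_set_cookie(jar, f"CASTGC=TGT-1-constructed; Path={CTX}")
    past = "Thu, 01-Jan-1970 00:00:10 GMT"
    for name in ("CASTGC", "CASPRIVACY"):
        apply_set_cookie(jar, f'{name}=""; Path={removal_path}; Expires={past}')
    return cookies_sent(jar, CTX + "/login")

if __name__ == "__main__":
    print("removal path with trailing slash:", logout_then_login(CTX + "/"))
    print("removal path matching original:  ", logout_then_login(CTX))
```

With the trailing-slash removal path the original CASTGC entry is never evicted and is still sent to /login; a removal cookie whose Path equals the one used at login clears it.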