
  • CAS session expired loop


    I have a webapp with Spring Security 3.1 and CAS as the authentication service. For a test, the session timeout of the webapp is 30 minutes and the validity of a CAS session is 2h.

    If I don't configure session-management, when the webapp session expires and I click on a link that leads to a protected resource, (1) it authenticates me automatically and then redirects to the homepage. Normal. But then if I click on a link to a protected resource again, it does (1). So I'm stuck ...

    Now with session management, concurrent-session is set to 1, the expired-url is set to "/j_spring_cas_security_logout" and the URL to CAS logout is set to "casServerUrl/cas/logout?service=mywebapp/j_spring_security_logout" (the success logout URL is /).
    When the session expires, it enters into an infinite loop /j_spring_cas_security_logout -> casServerUrl/cas/logout?service=mywebapp/j_spring_security_logout -> / -> /j_spring_cas_security_logout -> casServerUrl/cas/logout?service=mywebapp/j_spring_security_logout -> / -> ...

    The problem here is when it arrives at /. It redirects again to the expired-url...

    It's really strange and I don't know why it behaves like that.

    If anyone has an idea and can explain the flow to me, it would be really appreciated.