Announcement Announcement Module
Collapse
No announcement yet.
Dropping authorization on Session expired Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dropping authorization on Session expired

    Is there a way to have authorizations expire when the session expires?

  • #2
    I assume you're using CAS? Normal Acegi form authentication should expire when the session goes away.

    With CAS maybe remove the cookie that Acegi looks for to match browser with secure context. Maybe use an HTTPSession event listener to take action when a session is invalidated.

    I'm interested in the same thing. If anyone has some best practices, please let us know.

    Comment


    • #3
      Actually I don't have CAS, could it be the RememberMe feature? I kind of included it from the examples floating around. If I understand it correctly it too uses a cookie to remember the authorization right?

      Comment


      • #4
        Yes RememberMe uses a cookie. Could be your problem, check what cookies you have from your app. If I remember right, the remember me cookie has a pretty obvious name.

        Comment


        • #5
          I thought about it but I just couldn't remember

          Comment

          Working...
          X