The CAS logout URL can now be configured in web.xml instead of being hard coded
in logout.jsp. This was done by adding a logout filter. Going to the URL
/cat/auth/logout will now log you out of the application.

This also fixes a minor execution order bug on logout that leads to the session
persisting after the first logout. The execution flow in the original
logout.jsp goes: Application clears session, logout.jsp loads "My Courses"
page, logout.jsp goes to CAS logout page to clear CAS session. What happens in
our environment is that when logout.jsp loads "My Courses", because its CAS
session hasn't been expired, it was able to reauthenticate and recreate the
application session. The workaround is to press logout again to truly log out.
The actual fix swaps the last two operations so that it goes: Application
clears session, redirects to CAS logout page to clear CAS session, redirects to
"My Courses".

Redirecting to "My Courses" needs to be done by the CAS server since the
browser was redirected to the CAS page. Luckily, there is a "service" parameter
that you can pass to the CAS logout URL that tells the CAS server where to go
after logout.

Fixes usaskulc#2
When a user clicks logout, they get redirected to https://cas.usask.ca/cas/logout
Looks like the logout redirection url is hard coded here: https://github.com/usaskulc/cat/blob/master/cat/web/logout.jsp
Would be nice if it could be configurable.