We are using CAS proxy to connect Roundcube webmail client to our IMAP server. For this we have a no longer developed phpCAS plugin. If we set CAS to a sliding session window, Roundcube's repeated requests for proxy tickets will keep the CAS session active indefinitely until the browser is closed. When setting CAS to a hard time out (say 8h), Roundcube opts to use an expired PT, which in turn results in the IMAP proxy (dovecot) using it as a password in LDAP which eventually locks the user's account.
We can modify the plugin to listen for a failed PT request and end the client session. But before we do that, I would like to know what others have done. How do you manage webmail client sessions (or do you)? Do you have a webmail system that handles this gracefully? This behaviour is not limited to webmail so any other perspectives are welcome. Thanks Ray P.S. Roundcube makes a request to check incoming mail every few minutes. Each request gets a new proxy ticket. With a sliding window, CAS extends its session each time. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1543436684.2846.68.camel%40uvic.ca.
