Hi,

Two webapps, both protected by CAS. The user is in both apps via SSO.

When the user idle timeout kicks in, he is also logged out of CAS; I believe this is the correct behavior. Otherwise, after the idle timeout, simply accessing B will get the user in right away, which is a security problem. Say the user walks away and the app's idle timeout kicks in, but the SSO session is still valid. Now someone else comes and accesses the app; that person would be right in B without being prompted for credentials.

This brings up another usability problem. Say the user is busy in one app, A, and idle in the other app, B. B's idle timeout kicks in and he is also logged out of CAS. The user remains in A, but when he accesses B, he is prompted for credentials (no SSO, since the CAS SSO session was already terminated).

Is my understanding correct?

Thanks,
Yan