search

Letractively / rubycas-server

Automatically exported from code.google.com/p/rubycas-server
GNU Lesser General Public License v2.1
0 stars 0 forks source link

Logout doesn't clear all sessions #122

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
We have a SOA setup and use rubycas-server to enable SSO across services. We 
noticed a problem when a user logs in from multiple browsers, the logout call 
from one browser clears off all PGTs for username irrespective of the TGT. 
However it doesn't clear off the ST, PT or even trigger a logout to the other 
broser sessions.  

What steps will reproduce the problem?
1. Login with a username from multiple browsers
2. Make sure PGTs are created for all the browser sessions
2. Logout from one of the browsers
4. Check the count of PGTs in the casserver db. None will be there

What version of RubyCAS-Server are you using? How is it installed (rubygem,
manual install)? How are you running it (webrick, mongrel, passenger,
etc.)?
Version- 1.8.7. Installed using rubygem. Running in apache-passenger setup 
using LDAP Authentication.

Original issue reported on code.google.com by Subraman...@gmail.com on 18 Jul 2012 at 5:58